How does the Singapore Personal Data Protection Act work?
Personal data refers to data about an individual who can be recognized from that data; or from that data and other information to which the organization has or is likely to have access. Personal data in Singapore is protected under the Personal Data Protection Act 2012 (PDPA).
Nowadays, a huge amount of personal data are collected, used and even transferred to third-party organizations for various reasons. This trend is estimated to grow exponentially as the processing and analysis of bulk amounts of personal data becomes probable with increasingly sophisticated technology.
With such a trend comes growing concerns from individuals about how their personal data is being used. Hence, a data protection regime to govern the collection, use, and disclosure of personal data are necessary to address these concerns and to maintain individuals’ trust in organizations that manage data.
By regulating the flow of personal data among organizations, the PDPA also aims to make stronger and establish Singapore’s competitiveness and position as a trusted, world-class hub for businesses.
The PDPA will make sure a baseline standard of protection for personal data across the economy by complementing sector-specific legislative and regulatory frameworks. This means that organizations will have to obey the PDPA as well as the common law and other relevant laws that are applied to the specific industry that they belong to when handling personal data in their possession.
The PDPA takes into account the following concepts:
Consent – Organizations may collect, use or disclose personal data only with the individual’s knowledge and consent (with some exceptions);
Purpose – Organizations may collect, use or disclose personal data in an appropriate manner for the circumstances, and only if they have informed the individual of purposes for the collection, use or disclosure; and
Reasonableness – Organizations may collect, use or disclose personal data only for purposes that would be considered appropriate to a reasonable person in the given circumstances.
Tagged with: Singapore PDPA
, Singapore Personal Data Protection Commission
, Singapore's Personal Data Protection Act