This post is also available in: 简体中文 (Chinese (Simplified))

Corporate Compliance Requirement | Data Protection Obligations of the PDPA

Data security and privacy is a very serious matter, and no one takes data protection more seriously than 3E Accounting. Since anything can be done online these days, it comes as no surprise that in some instances we would be forced to disclose personal data to organisations and companies. Whenever we purchase something online or sign up for a service of some sort for example, there is going to be personal particulars that we would need to reveal. Therefore, it is important to ensure your data is well protected at all times, and 3E Accounting can help you to comply with PDPA and protect your data.


The Personal Data Protection Act 2012

In Singapore, an organisation is required to comply with the entire Personal Data Protection Act 2012 (PDPA). Under this act, it is mandatory for companies to appoint at least one individual who will act as the company’s Data Protection Officer (DPO). This move is to help regulate the collection, use, and/or disclosure of personal data by the organisations.

Every organisation is responsible for personal data that is under its control. To regulate the data and ensure compliance with PDPA’s requirements, one or more individuals need to be appointed to be responsible for handling those matters. It is strongly encouraged that all organisations handle this as soon as possible to ensure optimum security protection.


The Role of a Data Protection Officer (DPO)

The DPO has a crucial role to play and there is more involved that merely ensuring the PDPA’s guidelines are met. The DPO is responsible for turning data protection into a competitive advantage for the organisation and to encourage trust in the wider data ecosystem.

The designated DPO may be an individual who is an existing employee in the organisation, subsidiaries or its affiliated companies. In a larger organisation, this role may be assigned to a management committee. The person(s) designated may then delegate the responsibilities to another individual.

While it is not mandatory under the law to inform the PDPC of the DPO’s details, organisations are strongly encouraged to do so. This will help the DPOs keep abreast of relevant personal data protection developments in Singapore. Therefore, you are encouraged to submit the DPO’s appointment details via ACRA’s BizFile+ if you have yet to do so.

For more help (subsidised training, online training, checklist) on how to comply with PDPA, please see

For sample of Data Protection Policy, you can refer to


What Happens If There is a Breach of Personal Data?

Despite the stricter rules that have been enforced as a protective measure towards personal data online and measures taken by both organisations and individuals to ensure their own protection – such as a secure IT security system in place with antiviruses, firewalls for example –  there are still instances where the rules have been breach. Organisations that have been found guilty of violating the rules can face a financial penalty depending on the breach that has occurred.

If you require legal counsel on data protection as well as the available insurance that can help protect your organisation from future risks, our team of professionals are here to help. 3E Accounting’s affiliate lawyer will help you handle all your regulation and data protection setup system so you can have peace of mind. Our IT Security experts are also on hand to help reinforce your online security system if needed. For more information, contact us today via our website and we will be in touch.