While all of the updates affect all industries, their impact will be even more pronounced for companies that adhere to industry regulations, or for start-ups with limited resources that have not prioritized privacy until now.
The updated legislation, which is coming into force soon, should affect entrepreneurs or trademark sellers of any firm, but especially SMEs, who may be involved in such crimes only by supervision – who may not be aware of the data they collect and store, or who may unknowingly handle the wrong channels.
Singapore is no newcomer to privacy law, but the latest PDPA updates significantly heighten legal requirements on how companies can collect, use and store personal data and how they should prepare for and respond to privacy incidents.
As a result of previous changes, a number of subsequent changes have been made to the PDPA regulations, in particular to the Personal Data Protection Regulation 2021 (“PDP Regulations”) and Personal Data Protection (Data Breach Notice) Ordinance 2021 (“Notice Statement”).
These amendments introduce new categories for business consent to collect consumer data, introduce mandatory notification of a data breach to the PDPC in cases where a violation harms consumers, establish new offences and a private right to sue for PDPA violations, and increase the PDPC’s powers.
To help businesses stay accountable and stay on top of changes, the Personal Data Protection Commission (PDPC) has updated the content of two existing data protection guidelines to align with the changes in the PDPA and to support businesses in their implementation of personal data security policies and processes. The PDPC’s DPIA guide goes hand in hand with the DPMP guide, providing organizations with a simple six-step process for reviewing data protection policies and identifying risks.
In this guidance, the PDPC states that a DPIA is a tool that allows organizations to better assess whether their processing of personal data is in line with the PDPA or data protection best practices, and to apply technical or organizational measures for protection against data protection risks to individuals.
To demonstrate accountability, organizations must develop policies, communicate those policies to staff, and appoint a Data Protection Officer (DPO) to ensure that implemented policies are PDPA compliant. The DPMP covers these strategies and guides organizations in their pursuit of effective data protection through a four-step framework that they can adapt to their unique context.
Key legal components of this strategy include the 2012 Personal Data Protection Act (PDPA), Singapore’s first comprehensive system to protect personal data; the Computer Misuse Act (CMA), to combat cybercrime and other cyber threats; and the Cybersecurity Act 2018 (Cybersecurity Act), which focuses on protecting Singapore’s Critical Information Infrastructure (CII) across 11 critical sectors and building a comprehensive national cybersecurity framework.