The Personal Data Protection Act (Act 26 of 2012) (the "PDPA") regulates how personal data is handled. The PDPA establishes an overarching data protection framework, setting out baseline rules on the collection, use, disclosure, and protection of personal data by private sector organisations. The PDPA also established the Personal Data Privacy Commission (PDPC), which is responsible for the administration and enforcement of the PDPA.

The PDPA establishes two distinct regimes in Singapore for the protection of personal data:

  • The "Do Not Call" Regime, which came into force on January 2, 2014; and

  • The Data Privacy Provisions, which came into force on July 2, 2014.

The PDPA applies to "personal data," which means all types of personal data (whether true or not), from which an individual (whether living or deceased) can be identified (except for personal data that has been expressly excluded). The PDPA covers personal data stored in electronic and nonelectronic forms. Examples of personal data include passport number, date of birth, photographs, and DNA profiles.

Search for a lawyer here and you will be in direct contact with a lawyer within minutes.