Recently, the Personal Data Protection Commission (the “PDPC”) of Singapore has been sending reminder emails to all companies registered with the Accounting and Corporate Regulatory Authority (the “ACRA”) in Singapore. Companies that have not yet submitted their Data Protection Officer (the “DPO”) information on ACRA Bizfile+ are required to do so promptly.
Additionally, companies are reminded to create a Data Protection Notice to remain compliant with the Personal Data Protection Act (PDPA).
Singapore’s Personal Data Protection Commission (PDPC) was set up in 2013 to enforce the Personal Data Protection Act (PDPA). This law protects personal data and regulates how it’s collected, used, and shared in Singapore. It also strengthens Singapore’s reputation as a trusted business and data hub.
The PDPA applies to various entities, including individuals, companies, associations, and both corporate and non-corporate organizations.
It also created the Do Not Call (DNC) registry, allowing people to register their Singapore phone numbers to block unwanted marketing messages from businesses.
When collecting, using, or disclosing personal information, organizations must comply with Singapore’s Personal Data Protection Act (PDPA). To learn more about the eleven obligations under the PDPA, follow the link below:
[Click here to view the full list of obligations under the PDPA].
Consequences and Fines for Non-Compliance
– Ordered to stop the unlawful collection, use, or disclosure of personal data.
– Required to delete all personal data involved in the violation.
– Fined up to 10% of annual turnover or S$1 million, whichever is higher.
Required Information for Submitting DPO Details
You need to provide the following information:
• Name of DPO
• Designation
• Contact Number
• Business Email Address
• Company Mainline
How to Submit DPO Information?
You can find more information on the PDPA on the official website of the PDPC.
Once a DPO is appointed, companies must also establish a data protection notice. Companies can create the notice through the Data Protection Notice Generator to ensure they meet PDPA requirements.
To help DPOs and companies better understand and implement the PDPA, the following resources can be referenced:
PDPA Training Courses: The E-Learning of Data Protection website offers detailed courses and assessments to help DPOs become familiar with key aspects of the PDPA. Companies can also conduct internal training to educate employees on the importance of personal data protection.
To streamline your company’s workflow, please reach out to your assigned secretary if you have any questions. We are here to assist with the necessary filings and document preparation to ensure your organisation remains compliant.
Q: Why is the appointment of a DPO mandatory?
A: To ensure someone is responsible for managing personal data and ensuring compliance with PDPA requirements.
Q: What is the deadline to submit DPO information to the PDPC?
A: There is no deadline to register your DPO. However, the PDPC encourages your company to register your DPO as early as possible so that he/she can be kept abreast of relevant personal data protection developments in Singapore.
Q: What DPO information must be made public?
A: Companies must disclose the DPO’s business contact details, including name, phone number, and email.
Q: Can the DPO be an external consultant?
A: Yes, the DPO can be an internal employee or an external consultant, as long as they have the qualifications to fulfill the role. Hiring an external consultant may incur service fees.
Q: What are the consequences of missing the deadline?
A: While no specific penalties have been outlined yet, failure to appoint a DPO or submit the information on time could result in non-compliance, potentially leading to fines or enforcement actions by the PDPC.
Q: What qualifications should a DPO have?
A: A DPO should have a solid understanding of data protection laws, experience in privacy compliance, and relevant qualifications in data protection or privacy law.
Q: Can the DPO role be combined with another role within the company?
A: Yes, the DPO role can be combined with other responsibilities, provided it doesn’t create conflicts of interest or hinder the person from fulfilling their DPO duties effectively.
Q: Can I change my DPO later?
A: Yes, if you change your DPO, you must update the information on PDPC/ACRA to maintain compliance with PDPA.
Q: Does a dormant company still need to appoint a DPO?
A: Even if your company is dormant, you may still be required to appoint a DPO depending on your activities and regulatory obligations.