Personal Data Protection Act (PDPA)

Are you prepared?

What is PDPA?

Singapore Personal Data Protection Act 2012 (PDPA) is a law that governs the collection, use and disclosure of personal data by all private organisations. The Act has come into full effect on 2nd July 2014. Organisations which fail to comply with PDPA may be fined up to $1 million and suffer reputation damage. 


1. Purpose Limitation

Only use or disclose personal data for the purposes defined.

2. Notification

Inform the individuals on the purposes for collection, use and disclosure of their personal data during collection.

3. Consent

Ensure that the consent has been obtained from the individuals before collecting, using or disclosure of the personal data.

4. Access and Correction

Upon request, provide the personal data of the individual and information on how the individual’s personal data has been used or disclosed in the past year.

Correct an individual’s personal data upon request.

5. Accuracy

Ensure that personal data is accurate and complete during collection or when making a decision which will affect the individual.

6. Protection

Keep personal data in your possession secure from unauthorised access, modification, disclosure, use, copying, whether in hardcopy or electronic form.

7. Retention Limitation

Retain personal data only for business/legal purposes and securely destroy personal data when no longer needed.

8. Transfer Limitation

Ensure overseas external organisations provide a standard of protection comparable to the protection under the Singapore PDPA

9. Openness

Designate a Data Protection Officer and publish his/her business contact information.

Make available personal data protection policies and practices to public and employees, including complaint process.

10. Do-Not-Call (DNC)

Do not send marketing messages to individuals who have registered in the National DNC registry through voice, text messages or fax unless you have obtained their clear and unambiguous consent or have an on-going relationship (for text / fax).


How do you comply?

PDPA Requirements

Designate a Data Protection officer (DPO)

Map organisation’s Personal Data Inventory

Implement personal data protection policy

Communicate to employees on the personal data protection policies

Incorporate data protection as part of BAU

Establish regular compliance program to verify adherence to PDPA requirements

PwC PDPA Service Offerings

Personal Data Protection Support Office

Gap Assessment


Framework Development

Training / Awareness

Personal Data Protection Support Office

Compliance Review


Description of PwC Services Offerings

  • Gap Assessment - Conduct gap assessment against the PDPA requirements
  • Framework Development - Define Data Protection Policy and Processes to kick start your compliance program
  • Training / Awareness - Provide training and awareness programs to employees on organization’s personal data protection policies and processes
  • Personal Data Protection Support Office - Offer 360◦ administrative and advisory support for your Data Protection Office
  • Compliance Review - Perform compliance review and testing against PDPA’s requirements

What are your benefits by engaging PwC?

Depending on the services, your organisation will

  • Stay on track with PDPA requirements
  • Be able to concentrate on core businesses while maintaining PDPA compliance
  • Be able to leverage on PwC readily available knowledge base and capabilities.