Adhering to PHMC and PDPA Regulations

Posted by Emma Swan
Jan 31, 2024

An increasing number of international regulatory bodies worldwide seem to be focusing on the protection of personal data. Their efforts in this regard have led to the creation of various data protection laws. The Government of Singapore has not been left behind, with the introduction of the Personal Data Protection Act (PDPA).

You may think this act is all about protecting personal data. However, there is more to it than meets the eye, considering it also offers protection to the fundamental rights of individuals regarding their personal information. The law allows for the protection of the Personal Data (PD) of individuals that companies collect during the course of their business.

Adhering to PHMC and PDPA regulations comes down to first understanding what they entail. In a nutshell, the Personal Data Protection Act 2012 (PDPA) is a data protection law enforced and administered by the Personal Data Protection Commission (PDPC). This law was put in place to offer protections to Singaporeans and carries with it immense ramifications for organizations handling such data.

PDPA compliance governs the collection, use, and disclosure of Personal Data as described in the PDPA Guidelines and Compliance checklist. Keep in mind the Singapore Government clearly outlined 9 data protection obligations to follow. They include purpose limitation, consent, access and correction, notification, accuracy, protection, transfer, retention, and openness.

It is worth mentioning that PDPA compliance applies to any organization known to process and deal with any kind of Personal Data in Singapore. Employees working in such an organization must adhere to the set policies and procedures in line with the PDPA rules. However, they can’t be held personally responsible for the company’s breach.

Keep in mind there are organizations exempted from the PDPA. That is especially the case with government agencies or public agencies. This would imply the exclusion of organizations acting on behalf of a public agency in matters relating to Personal Data. Additionally, the law doesn’t apply to individuals acting in a personal or domestic capacity.

Organizations that fail to comply with this law risk harsh penalties. This may include scenarios in which an individual submits a complaint to the PDPC, which proceeds to investigate the business's conduct and compliance with the PDPA. If the organization is found guilty, the PDPC may choose to impose a financial penalty amounting to $1 million or 10% of the annual turnover, whichever is higher.
