Personal data refers to data about an individual who can be identified from that data, or from that data and other information to which the organisation has or is likely to have access.
What is the PDPA?
The Personal Data Protection Act (PDPA) provides a baseline standard of protection for personal data in Singapore. It complements sector-specific legislative and regulatory frameworks such as the Banking Act and Insurance Act.
It comprises various requirements governing the collection, use, disclosure and care of personal data in Singapore.
It also provides for the establishment of a national Do Not Call (DNC) Registry. Individuals may register their Singapore telephone numbers with the DNC Registry to opt out of receiving unwanted telemarketing messages from organisations.
Objectives of the PDPA
The PDPA recognises both the need to protect individuals’ personal data and the need of organisations to collect, use or disclose personal data for legitimate and reasonable purposes.
A data protection regime is necessary to safeguard personal data from misuse and to maintain individuals’ trust in organisations that manage their data.
Scope of the PDPA
The PDPA covers personal data stored in electronic and non-electronic formats.
It generally does not apply to:
Any individual acting on a personal or domestic basis.
Any individual acting in his/her capacity as an employee with an organisation.
Any public agency in relation to the collection, use or disclosure of personal data.
Business contact information such as an individual’s name, position or title, business telephone number, business address, business email, business fax number and similar information.