In Short
The Background: On February 1, 2021, Singapore s Personal Data Protection (Amendment) Act 2020 ( PDPAA ) came into effect.
The Situation: The PDPAA is the first comprehensive update to Singapore s Personal Data Protection Act 2012 ( PDPA ) since its enactment in 2012 and is aimed at reflecting global developments in individual privacy protection while enabling businesses to use data to grow and innovate in the digital economy.
Looking Ahead: Organisations should be aware of the changes that have been made to the PDPA and review and update their policies and procedures (both internal- and external-facing) to comply with the new obligations and the ways in which they utilise data collected under the PDPA.
Singapore data privacy law updates 2020
In June 2020, the Personal Data Protection Regulations 2014 (“
Regulations”) were revised to recognise the Asia Pacific Economic Cooperation (“
APEC”) Cross Border Privacy Rules (“
CBPR”) System and, for data processors, the Privacy Recognition for Processors (“
PRP”) System certifications as an additional data transfer mechanism under the PDPA for transferring personal data outside Singapore.
Section 26 of the PDPA restricts an organisation from transferring personal data outside Singapore (“
Transfer Limitation Obligation”), unless at least one of the prescribed safeguards has been put in place to ensure that the data recipient will provide a standard of protection to the transferred personal data that is comparable to the protection under the PDPA. The Regulations further specify the steps that an organisation may take to ensure that the overseas recipient of personal data is bound by legally enforceable obligation