Singapore data privacy law updates 2020 In June 2020, the Personal Data Protection Regulations 2014 (“ Regulations”) were revised to recognise the Asia Pacific Economic Cooperation (“ APEC”) Cross Border Privacy Rules (“ CBPR”) System and, for data processors, the Privacy Recognition for Processors (“ PRP”) System certifications as an additional data transfer mechanism under the PDPA for transferring personal data outside Singapore. Section 26 of the PDPA restricts an organisation from transferring personal data outside Singapore (“ Transfer Limitation Obligation”), unless at least one of the prescribed safeguards has been put in place to ensure that the data recipient will provide a standard of protection to the transferred personal data that is comparable to the protection under the PDPA. The Regulations further specify the steps that an organisation may take to ensure that the overseas recipient of personal data is bound by legally enforceable obligations to provide a comparable standard of protection to the transferred personal data.