Regulations and advisory guidelines under Personal Data Protection Act 2012 amended to provide for how business contact information of data protection officers may be set out
27 October 2021
The Personal Data Protection (Notification of Data Breaches) Regulations 2021 and the Personal Data Protection Regulations 2021 were amended on 1 October 2021 to provide for the following:
- Organisations may provide the business contact information of their data protection officers on (i) BizFile+ for companies that are registered with the Accounting and Corporate Regulatory Authority or (ii) in a readily accessible part of the organisation’s official website such that it can be easily found.
- Defences for egregious mishandling of personal data to cover situations where consent has been provided by the individual to whom the personal data relates.
- Minor clarifications on what constitutes significant harm for mandatory data breach reporting in relation to the identification of vulnerable individuals.
At the same time, the Personal Data Protection Commission (“PDPC”) updated the Advisory Guidelines on Key Concepts in the Personal Data Protection Act to provide clarity on these amendments.
On 4 October 2021, PDPC updated the Advisory Guidelines on the Personal Data Protection Act for Selected Topics to provide clarity on the amendments to the Personal Data Protection Act 2012 (“PDPA”) and accompanying regulations which came into force on 1 February 2021 and 1 October 2021 on matters such as using personal data for business analytics and research.
By way of background, the amendments to the PDPA introduced by the Personal Data Protection (Amendment) Act 2020 (“Amendment Act”) to implement a mandatory data breach notification requirement and introduce new offences relating to egregious mishandling of personal data, among other things, came into force on 1 February 2021. Several related subsidiary legislation, including the Personal Data Protection (Notification of Data Breaches) Regulations 2021 and the Personal Data Protection Regulations 2021 also came into force on 1 February 2021.
Reference materials
The following materials are available from Singapore Statutes Online sso.agc.gov.sg and the PDPC website www.pdpc.gov.sg:
- Personal Data Protection (Notification of Data Breaches) Regulations 2021
- Personal Data Protection (Notification of Data Breaches) (Amendment) Regulations 2021
- Personal Data Protection Regulations 2021
- Personal Data Protection (Amendment) Regulations 2021
- Advisory Guidelines on Key Concepts in the Personal Data Protection Act
- Advisory Guidelines on the Personal Data Protection Act for Selected Topics