Thursday, June 12, 2014

The Data Protection Regime pursuant to the Personal Data Protection Act 2012

The Personal Data Protection Act (‘PDPA’) and subsidiary regulations issued pursuant thereto govern the collection, use, disclosure and care of personal data by organisations. Organisations must notify individuals clearly of the purposes for which their personal data would be collected, used or disclosed on or before such collection, use or disclosure, and obtain consent. They should make reasonable efforts to verify that the personal data they hold is accurate, if they intend to use the personal data to make a decision about the individual, or to disclose the personal data.
On request, individuals must be provided with their personal data and information about the ways in which such personal data has been or may have been used or disclosed within a year of such request. Any errors or omissions in the personal data must be corrected upon request. Organisations must protect the personal data they hold. They may transfer personal data to another country only according to the prescribed requirements and must cease retention of the personal data when it is no longer necessary for any business or legal purpose.

Persons sending marketing messages and making marketing calls to Singapore numbers must provide specified information regarding the sender. Marketing messages and calls to numbers listed in the Do Not Call (‘DNC’) Register are generally prohibited.

Organisations must make information about their data protection policies, practices and complaints process available on request and name a dedicated contact person.

For more information, please read our regulatory update on The Data Protection Regime pursuant to the Personal Data Protection Act 2012.

No comments:

Post a Comment