Singapore Personal Data Protection Act.
Singapore's PDPA governs the collection, use, disclosure, and care of personal data by private organizations, with a consent-based framework, data breach notification obligations, and the right to port data.
Maximum penalty
S$1M or 10% annual turnover
Source: PDPA 2012 (amended 2020)
Key requirements
Consent for collection, use, and disclosure
Data breach notification to PDPC within 3 days
Data portability obligations
Do Not Call Registry compliance
+2 more requirements in the complete guide.
Get the full SG PDPA compliance guide →Enforcement examples
SingHealth
Data breach affecting 1.5M patients including PM Lee
S$250K
2019
How Tessera automates SG PDPA compliance
PDPA consent management
PDPC breach notification workflow
Data portability compliance
DNC Registry compliance monitoring
SG PDPA compliance checklist
Essential steps to achieve and maintain SG PDPA compliance.
Implement consent management framework
Establish 3-day breach notification to PDPC
Appoint Data Protection Officer
+2 more steps in the full checklist.
Get your complete SG PDPA compliance checklist - free →Industries affected
Calculate your SG PDPA exposure.
See exactly how SG PDPA penalties apply to your revenue and industry profile.