The Personal Data Protection (Amendment) Act 2020

CNPupdate

 

The Personal Data Protection (Amendment) Act 2020


A photo of the Parliament building of Singapore



Date Published: 31 March 2021 


Authors: Wong Pei-Ling and Jolyn Wah.
Contributor: Rachelle Ho.




 

The Personal Data Protection (Amendment) Act 2020 (No. 40 of 2020) (“PDPA Amendments”) was passed by Parliament in November 2020 and came into effect on 1 February 2021.  The PDPA Amendments amend the Personal Data Protection Act 2012 (No. 26 of 2012) (“PDPA”), which is the primary legislation regulating the collection, use and disclosure of personal data in Singapore.[1]

This article provides an update on the key aspects of the PDPA Amendments, which will be implemented in phases in 2021, beginning 1 February 2021. Several of the key amendments which are now in force are as follows:

 

Mandatory Data Breach Notification

Mandatory Data Breach Notification

Changes to “deemed consent” and enhanced exceptions to the consent requirement

New basis for deemed consent to apply for collection, use and disclosure of personal data

New consent exceptions for collection, use and disclosure of personal data part 1(1)New consent exceptions for collection, use and disclosure of personal data Part 2 (1)New consent exceptions for collection, use and disclosure of personal data Part 3 (1)

Proposed amendments that have not come into force

Obligation for data portability

Obligation for data portability (v1)

New offences and increased financial penalties

New offences and increased financial penalties (v1)

 

[1] Please refer to our previous article on the Personal Data Protection (Amendment) Bill at https://www.cnplaw.com/amendments-to-the-personal-data-protection-act-cnpupdate-jan2021

[2] Part VIA of the PDPA

[3] Section 26B of the PDPA

[4] Regulation 3 read with Part 1 of the Schedule to the Personal Data Protection (Notification of Data Breaches) Regulations 2021

[5] Regulation 4 read with Part 1 of the Schedule to the Personal Data Protection (Notification of Data Breaches) Regulations 2021

[6] Section 26C of the PDPA

[7] See section 15 of the PDPA

[8] See section 15A of the PDPA

[9] Paragraph 12.27 of the Advisory Guidelines on Key Concepts in the PDPA (revised 1 February 2021)

[10] See paragraph 12.55 of the Advisory Guidelines on Key Concepts in the PDPA (revised 1 February 2021)

[11] See Part 3 of the First Schedule to the PDPA and paragraph 12.57 of the Advisory Guidelines on Key Concepts in the PDPA

[12] See Regulation 15 of the Personal Data Protection Regulations 2021 and paragraph 12.57 of the Advisory Guidelines on Key Concepts in the PDPA

[13] Part 5 of the First Schedule to the PDPA and Division 2 under Part 2 of the Second Schedule to the PDPA

[14] See paragraph 1(2) under Part 5 of the First Schedule to the PDPA and paragraph 12.73 of the Advisory Guidelines on Key Concepts in the PDPA

[15] See paragraph 12.72 of the Advisory Guidelines on Key Concepts in the PDPA

[16] See paragraph 12.80 of the Advisory Guidelines on Key Concepts in the PDPA

[17] See Explanatory Statement to the Personal Data Protection (Amendment) Bill

[18] Part IXB of the Personal Data Protection (Amendment) Bill

[19] See section 24(a) of the Personal Data Protection (Amendment) Bill


Disclaimer: This update is provided to you for general information and should not be relied upon as legal advice. The editor and the contributing authors do not guarantee the accuracy of the contents and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the contents.


Wong Pei Ling Senior Legal Associate at CNPLaw LLP image
Partner

    Pei-Ling has over 23 years of legal experience and has advised clients with Malaysian and Singaporean interests on their cross-border transactions, joint ventures, investments, commercial and technology agreements.

    Jolyn Wah Associate at CNPLaw

      Senior Associate
      Jolyn is a Senior Associate in the Corporate Advisory team. She graduated from the National University of Singapore and was ranked 3rd in Part B of the Singapore Bar Examinations in 2015. Her main area of practice includes corporate advisory and employment matters. Jolyn was trained in various practice areas of law with a focus on commercial litigation and family law prior to joining CNPLaw.


      With the prevalence of technology and increasing connectivity through the internetcybersecurity and data protection are areas that have grown more important in Singapore.

      Since the introduction of the Personal Data Protection Act 2012 (“PDPA), it is mandatory for organisations to comply with data protection rules and we strive to help our clients understand that compliance with the PDPA is no longer an option.

      At CNPLaw, we have worked with our clients and helped them navigate through a variety of data protection issues





        Data Protection and Security   >   CNPupdate  >   Current Article