Authors: Wong Pei-Ling and Jolyn Wah.
Contributor: Rachelle Ho.
The Personal Data Protection (Amendment) Act 2020 (No. 40 of 2020) (“PDPA Amendments”) was passed by Parliament in November 2020 and came into effect on 1 February 2021. The PDPA Amendments amend the Personal Data Protection Act 2012 (No. 26 of 2012) (“PDPA”), which is the primary legislation regulating the collection, use and disclosure of personal data in Singapore.[1]
This article provides an update on the key aspects of the PDPA Amendments, which will be implemented in phases in 2021, beginning 1 February 2021. Several of the key amendments which are now in force are as follows:
Mandatory Data Breach Notification
Changes to “deemed consent” and enhanced exceptions to the consent requirement
Proposed amendments that have not come into force
Obligation for data portability
New offences and increased financial penalties
GENERAL DISCLAIMER
This article is provided to you for general information and should not be relied upon as legal advice. The editor and the contributing authors do not guarantee the accuracy of the contents and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the contents.
Footnotes
[1] Please refer to our previous article on the Personal Data Protection (Amendment) Bill at https://www.cnplaw.com/amendments-to-the-personal-data-protection-act-cnpupdate-jan2021
[2] Part VIA of the PDPA
[3] Section 26B of the PDPA
[4] Regulation 3 read with Part 1 of the Schedule to the Personal Data Protection (Notification of Data Breaches) Regulations 2021
[5] Regulation 4 read with Part 1 of the Schedule to the Personal Data Protection (Notification of Data Breaches) Regulations 2021
[6] Section 26C of the PDPA
[7] See section 15 of the PDPA
[8] See section 15A of the PDPA
[9] Paragraph 12.27 of the Advisory Guidelines on Key Concepts in the PDPA (revised 1 February 2021)
[10] See paragraph 12.55 of the Advisory Guidelines on Key Concepts in the PDPA (revised 1 February 2021)
[11] See Part 3 of the First Schedule to the PDPA and paragraph 12.57 of the Advisory Guidelines on Key Concepts in the PDPA
[12] See Regulation 15 of the Personal Data Protection Regulations 2021 and paragraph 12.57 of the Advisory Guidelines on Key Concepts in the PDPA
[13] Part 5 of the First Schedule to the PDPA and Division 2 under Part 2 of the Second Schedule to the PDPA
[14] See paragraph 1(2) under Part 5 of the First Schedule to the PDPA and paragraph 12.73 of the Advisory Guidelines on Key Concepts in the PDPA
[15] See paragraph 12.72 of the Advisory Guidelines on Key Concepts in the PDPA
[16] See paragraph 12.80 of the Advisory Guidelines on Key Concepts in the PDPA
[17] See Explanatory Statement to the Personal Data Protection (Amendment) Bill
[18] Part IXB of the Personal Data Protection (Amendment) Bill
[19] See section 24(a) of the Personal Data Protection (Amendment) Bill