June 6, 2018

Personal Data Protection Commission


Personal Data Protection Commission

The PDPC also known as ‘Personal Data Protection Commission Singapore’ was established on 2nd January 2013 to administer the ‘Personal Data Protection Act’ also known as PDPA. The PDPA initiative is aimed at balancing the need to protect the individual’s data and the needs of the organization for legitimate purposes. Another initiative that PDPC administers is the recent ‘Do Not Call (DNC) Registry’ that will be effective from July 2014 to ensure that individuals received telemarketing messages that they have opted and subscribed willingly instead of unsolicited telemarketing and to help organisations boost customer relations by increasing customer’s confidence and trust. Both initiatives will be affecting all companies that are having an entity in Singapore.

Personal Data Protection Act

Commenced on 20th November 2012, this act has a series of phases which includes the recent ‘Do Not Call (DNC) Registry’ that will be in full force on 2nd July 2014. This data protection law comprises of various rules and regulations that govern the collection, use, disclosure and care of personal data. Its aim is to strengthen and entrench Singapore’s competitiveness and position as a trusted, world class hub for businesses.

Do Not Call (DNC) Registry

This register lets individuals or organisations to opt out of marketing messages addresses to your Singapore’s registered telephone number be it handphone or office number. Marketing messages may include promotion and advertising of services and goods so that individuals or organisations have better control over the type of messages on your mobile devices, telephone or fax machine.

This act forbids organizations or individuals to send marketing messages to Singapore registered numbers that are registered with this registry.

Enforcement of the Data Protection Act:

If the PDPC finds that an organization is in breach of any of the data protection provisions in the PDPA, it may give the organization such directions that it thinks appropriate to ensure compliance. These directions may include requiring the organization to:

  • Stop collecting, using or disclosing personal data in contravention of the Act;
  • Destroy personal data collected in contravention of the Act;
  • Provide access to or correct the personal data; and/or
  • Pay a financial penalty of an amount not exceeding $1 million.

To find out more, kindly click on the following links: