Data Protection

Business Expertise

What is PDPA?

Personal Data Protection Act 2012 - "An Act to govern the collection, use and disclosure of personal data by organisations, and to establish the Do Not Call Register and to provide for its administration, and for matters connected therewith."

The importance of data protection

Personal Data Protection Act (PDPA) was passed by Parliament on 15th October 2012 and assented to by the then President, Dr. Tony Tan on 20th November 2012. Generally, organisations are responsible for personal data in their possession or under their control. The PDPA stipulated the data protection requirements which contain the following eleven main obligations that organisation would need to fulfill while carrying out their business activities related to the collection, use or disclosure of personal data.

PDPA as the primary Legislation

PDPA is the overarching and primary legislation (acka Mother Act) governing the protection of personal data. In addition, following subsidiary legislations were enacted to specify certain requirement for implementation:

1. Personal Data Protection (Appeal) Regulations 2021 - S 65/2021

2. Personal Data Protection (Composition of Offences) Regulations 2021 - S 70/2021

3. Personal Data Protection (Do Not Call Registry) Regulations 2013 - S 709/2013

4. Personal Data Protection (Enforcement) Regulations 2021 - S 62/2021

5. Personal Data Protection (Notification of Data Breaches) Regulations 2021 - S 64/2021

6. Personal Data Protection (Prescribed Healthcare Bodies) Notification 2015 - S 90/2015

7. Personal Data Protection (Prescribed Law Enforcement Agencies) Notification 2014 - S 368/2014

8. Personal Data Protection (Prescribed Law Enforcement Agency) Notification 2020 - S 272/2020

9. Personal Data Protection (Statutory Bodies) Notification 2013 - S 149/2013

10. Personal Data Protection Regulations 2021 - S 63/2021

QuESH can provide your data protection needs!

It is important to note that PDPA does not affect any right or obligation under the law with other laws. In the event of any inconsistency, the provisions of other written laws will prevail. For example, the banking secrecy laws under Banking Act governing customer information obtained by banks prevails over the PDPA in the event of any inconsistency with the PDPA.

To assist and encourage organisations to establish processes or systems for data protection, Infocomm Media Development Agency (IMDA) initiated a programme, namely Data Protection Trustmark (DPTM) for organisations to adopt.

QuESH is one of the registered service provider in assisting organisation to start off their data protection process. To know more about the programmes, just email us!

Data Protection Trustmark SS 714:2025

This is a voluntary certification for organisations to demonstrate that they have robust and sound data protection processes and practices in place as part of their business process. DPTM is now part of the national Singapore Standards (SS), elevating the level of recognition for organisations which obtain DPTM-certification.

This Standard aims to provide assurance to businesses and their customers that their personal data is properly managed by organisations that adopt these data protection practices.
a) strengthen and demonstrate compliance with regulatory and statutory requirements for the protection of personal data and promote accountability by organisations;
b) enhance and promote consistency in data protection standards across all sectors;
c) provide a competitive advantage for businesses that are certified; and
d) encourage organisations to be transparent and accountable in their data protection practices and boost consumer confidence in their management of personal data.

For a guided approach to implementing accountable data protection policies and practices in line with the SS 714:2025 requirements, please refer to our Resources site for the SS 714 Implementation Guide

πŸ“žTo know more about DPTM Certification process, you can contact us to have a Sales Representative to reach out to you.

QuESH has assisted more than 30 clients in attaining DPTM.

The journey of attainment was not easy but was definitely rewarding to our clients.

Congrats to those Certified Organisations!

Save your time and effort spent for finding a solution. Contact us now

Scroll