Despite it always being clear that enforcement action by the Personal Data Protection Commission in Singapore ("PDPC") in the event of a data protection breach was a possibility, it has historically been less clear how the PDPC would deal with breaches and what factors it would take into account when issuing fines.

In an effort to remedy this, on 21 April the PDPC issued its 'Advisory Guidelines on Enforcement of the Data Protection Provisions (the "Guidelines"). The Guidelines aim to clarify how the PDPC will interpret and implement the enforcement provisions of the Singapore Personal Data Protection (Enforcement) Regulations 2014 ("PDPA").

The Guidelines were issued on the same day as the summary of the PDPC's key enforcement actions from 2016, making clear the PDPC's intention to continue ramping up its enforcement action against companies who breach the PDPA.

Organisations operating in Singapore should ensure that such processing is in accordance with the PDPA because the PDPC's recent releases make clear that they will take seriously any non-compliance with the PDPA.

The Guidelines can be accessed here.