On 8 May 2015, several measures were announced to assist companies to understand their obligations under the Singapore Personal Data Protection Act ("PDPA"), which has been in force since 2 July 2014. The new measures are intended to benefit, in particular, small and medium-sized enterprises ("SMEs").
Legal Advice Scheme
The Personal Data Protection Commission ("PDPC"), which acts as the authority for monitoring compliance of and enforcing the PDPA, will collaborate with the Law Society of Singapore to establish a legal advice scheme starting from 1 June 2015. The new scheme will provide SMEs with basic legal advice on PDPS compliance requirements at a preferential fixed rate.
Increase in DNC Credits
From 1 June 2015, the PDPC will double the credits for free checking of the Do Not Call ("DNC") registry from the current 500 to 1,000. The PDPC estimates that with this new measure in place, over 80% of organisations will not need to pay to check contact numbers against the DNC registry.
New Templates and Resources
The PDPC, in collaboration with the Cyber Security Agency of Singapore ("CSA"), has released the following resources:
- a brochure with information on electronic personal data protection and recommendations on good information and communications technology practices to implement; and
- two guides which provide information on how organisations can protect personal data in electronic medium, as well as information on how organisations should manage data breaches.
In addition, the PDPC has also published a guide containing sample clauses which an organisation may use to obtain an individual’s consent to collect, use or disclose his personal data for particular purposes, as well as for an individual to withdraw consent or otherwise indicate that he does not consent.
New Advisory Guidelines
Lastly, the PDPC also issued a new set of advisory guidelines which provide greater clarity on whether an organisation may require an individual to give his consent for marketing purposes. The guidelines focus on the application and interpretation of section 14(2)(a) of the PDPA and section 46(1) of the Do Not Call Provisions, which state that an organisation shall not, as a condition of providing a product or service, require an individual to give consent beyond what is reasonable to provide the product or service.
All of the above guidelines, templates and resources are available on the PDPC's website.