Module Application
- Does your organisation conduct business transactions or activities where interactions may create a risk of, or appear to involve, breaches of data privacy or data exposure?
- Is the organisation in an industry that is particularly susceptible to data privacy, such as where there is a high degree of government regulation (such as organisations that conduct business transactions, hold or collects a large amount of personal data may be exposed to breaches of data privacy)?
Module Scope
The PRIVACY AND DATA PROTECTION module informs the Singaporean organisation of their legal data privacy obligations. The module also demonstrates effective practical advice and assistance to the organisation to implement procedures and processes that will ensure compliance and regulatory accountability throughout all levels of the Singaporean entity.
The PRIVACY AND DATA PROTECTION module advises the Singaporean organisation of the processes and procedures they need to implement to ensure compliance with all legal and regulatory obligations. Core legal and regulatory obligations are based on considerations of the broad questions determining;
- Decision making;
- Accountability;
- Stewardship;
- Direction; and
- Control
To fulfill its purpose the module focuses on providing practical assistance to the Singaporean organisation establishing and maintaining a robust foundational framework that determines;
- How the organisation will function;
- Who is the responsible decision maker;
- What matters are relevant to the decision-making process; and
- Whether the desired outcome has been achieved.
As entities, their employees and authorised individuals are all expected to be familiar with the broad landscape of legal obligations to which they are subject as well as more specific obligations relevant to the particular sector they are operating in, the PRIVACY AND DATA PROTECTION module should be subscribed by all Singaporean organisations, their employees and authorised individuals. The aim of the module is to equip the subscriber with knowledge of their obligations when operating within Singapore and the circumstances in which these obligations are relevant to the Singaporean organisation. The module also provides the subscriber with the skills they require to establish relevant systems and processes to ensure compliance throughout their organisation.
The broad scope of the PRIVACY AND DATA PROTECTION module is to provide answers to these questions;
- What are our legal obligations?
- From where are our legal obligations derived?
- How can we ensure that we are complying with our legal obligations?
- What are the consequences if we are not complying with our legal obligations?
The PRIVACY AND DATA PROTECTION module covers all legislated legal obligations of Singaporean organisations and demonstrates practical assistance and guidance to ensure that these obligations are complied with through the implementation and maintenance of best practice processes throughout the organisation. The module also covers the role of the regulator as well as exemptions to the obligations, if applicable, and how they may or may not apply in particular circumstances.
The module fulfils this objective by comprehensively covering three areas;
- Legislation;
- Obligations; and
- Consequences
- The legislative and regulatory landscape from which the primary legal obligations are derived;
- Personal Data Protection Act 2012 (Cap. 26) (SNG);
- The Personal Data Protection (Amendment) Act 2020 (SNG);
- Computer Misuse Act 1993 (Cap. 50A) (SNG);
- Cybersecurity Act 2018 (SNG); and
- Electronic Transactions Act 2020 (Cap. 88) (SNG).
- The specific areas where legal and regulatory obligations apply to the Singaporean organisation;
- Compliance, policies and practices;
- Key obligations under the Personal Data Protection Act; and
- Key personal data policies.
- Collection, use and disclosure of personal data;
- Consent and deemed consent; and
- Withdrawal of consent.
- Purpose of data collection;
- Notification; and
- Retention and disposal practices.
- Access and correction of personal data;
- Exemptions from access and correction of personal data;
- Request for access and correction of personal data; and
- Care of personal data;
- Accuracy and protection of personal data;
- Retention of personal data;
- Data retention;
- Data breach;
- Data Protection Impact Assessments;
- Personal data in electronic medium/cloud services; and
- Personal data of potential/actual employees.
- Enforcement and Penalties;
- Mediation, reconsideration and appeal.
- Do Not Call Registry;
- NRIC & other national identification numbers; and
- DNC register and consent.
- Privacy and data protection legislation in Singapore imposes penalties for data privacy breaches and failures.
Significant consequences can apply to Singaporean organisations, their employees and authorised individuals found to have breached or not complied with data privacy legal obligations. These consequences vary considerably depending on the nature and extent of the breach or failure. The PRIVACY AND DATA PROTECTION module covers specific consequences in detail. They can include monetary penalties, disciplinary measures and even terms of imprisonment for individuals found to have committed serious criminal offences.
The PRIVACY AND DATA PROTECTION module does not cover the rights or entitlements of individuals who have suffered damages or losses due to breaches of data privacy obligations by Singaporean organisations. The module does not cover the process that an entity or an individual would follow to report or seek compensation for the breach or their loss.