PDPA'S SCOPE Flashcards
What is the scope of the PDPA?
The PDPA applies to all private sector organizations in Singapore - including companies - societies - and associations - except for individuals acting in a personal or domestic capacity - employees acting in the course of their employment - and public agencies. It applies to these organizations whether they are locally incorporated or foreign-owned.
To which organizations does the PDPA apply?
The PDPA also applies to organizations outside Singapore that process personal data of Singaporean or permanent residents (on Singaporean territory) if the processing is related to offering them goods or services.
Does the PDPA apply to organizations outside Singapore?
There’s no specific provisions for extraterritorial operations of the PDPA. Foreign companies which do not have a physical presence in Singapore can still be liable under the PDPA but only for actions which take place in Singapore such as collection or disclosure of personal information.
What does the PDPA govern?
The PDPA governs the collection - use - and disclosure of personal data by organizations. It aims to protect individuals’ personal data while recognizing the need for organizations to collect and use such data for legitimate purposes.
What are the PDPA principles?
Consent - Accuracy - Retention - Limitation - Purpose Limitation - Openness/accountability - Specification - Transfer Limitation - Access & Correction - Security
What is the scope of exemptions under the PDPA?
Exemptions are potentially unlimited in scope because PDPC - with approval of the Minister - by order published in Gazette - may exempt anybody and anything as it wishes.
What are the PDPA exemptions?
Public sector and data intermediaries contracted by public organizations. Public agencies and organizations acting on their behalf are governed by the Government Instruction Manual on IT Management (IM8) and other relevant regulations - not by the PDPA. Is also exempted by PDPA personal data that is in a record for more than a 100 years. Is also exempted business contact information used for business purposes.
