Personal Data Protection Act (PDPA) Consultant

Get Control Over Critical Data Protection

Involving employees in protecting against phishing

What is PDPA?

PDPA is legislation enacted by the Personal Data Protection Commission (PDPC) to govern the collection, use, disclosure and handling of personal data. At the core of the PDPA are nine mandatory obligations that give individuals more control over how their personal data is collected, used and disclosed. At the same time, they enable organisations to better facilitate safe and protected cross-border transfer of information. These obligations include:

  • Consent Obligation: Organisations must first acquire an individual’s consent before collecting, using or disclosing his or her personal data. Individuals are allowed to withdraw their consent with reasonable notice.
  • Purpose Limitation: Upon consent, organisations can only use the information for a purpose that would be considered appropriate to a reasonable person in the circumstances.
  • Notification: Before collecting, using or disclosing personal data, organisations should notify individuals of the purposes of such collection, use or disclosure.
  • Access and Correction: Upon request, organisations must provide the individual with the personal data of his or hers that they possess and with information on how it has been used or disclosed in the past year. Organisations must also allow an individual to correct an error or omission in his or her personal data, unless there are reasonable grounds to refuse.
  • Accountability: Organisations must make information about data protection policies, practices and complaints process available on request.
  • Protection: Organisations must implement reasonable security arrangements to protect the data they possess or control.
  • Accuracy: Organisations are obliged to make a reasonable effort to ensure that the personal data collected by or on behalf of the organisation is reasonably accurate and complete.
  • Retention Limitation: Organisations must cease retaining personal data, or remove the means by which the data can be associated with particular individuals, when it is no longer necessary for any business or legal purposes. These records should also be deleted or anonymised.
  • Transfer Limitation: Personal data can only be transferred to another country if the overseas recipient is able to provide a standard of protection that is comparable to the protection under the

Ensuring that Your Organisation Aligns With PDPA Requirements

At CSIntelligence, we not only help organisations review PDPA policies and procedures, but we also assist them in establishing adequate technical controls. Get in touch with our consultants today.



    Contact Us
    Emergency Hotline

    +65 977 24 999
    CS Rescue

    CSIntelligence Pte Ltd

    298 Tiong Bahru Road
    #12-03 Central Plaza
    Singapore 168730


    © 2020 CSIntelligence Asia. All Rights Reserved.