Personal Data Protection Act (PDPA)

1. Purpose Limitation Only use or disclose personal data for the purposes defined. 2. Notification

1. Purpose Limitation

Only use or disclose personal data for the purposes defined.

2. Notification

Inform the individuals on the purposes for collection, use and disclosure of their personal data during collection.

3. Consent

Ensure that the consent has been obtained from the individuals before collecting, using or disclosure of the personal data.

4. Access and Correction

Upon request, provide the personal data of the individual and information on how the individual’s personal data has been used or disclosed in the past year. Correct an individual’s personal data upon request.

5. Accuracy

Ensure that personal data is accurate and complete during collection or when making a decision which will affect the individual.

6. Protection

Keep personal data in your possession secure from unauthorised access, modification, disclosure, use, copying, whether in hardcopy or electronic form.

7. Retention Limitation

Retain personal data only for business/legal purposes and securely destroy personal data when no longer needed.

8. Transfer Limitation

Ensure overseas external organisations provide a standard of protection comparable to the protection under the Singapore PDPA

9. Openness

Designate a Data Protection Officer and publish his/her business contact information. Make available personal data protection policies and practices to public and employees, including complaint process.

10. Do-Not-Call (DNC)

Do not send marketing messages to individuals who have registered in the National DNC registry through voice, text messages or fax unless you have obtained their clear and unambiguous consent or have an on-going relationship (for text / fax).

Source Article