PDPA & Data Protection Officer
Personal Data in Singapore is protected by the Personal Data Protection Act 2012 (“PDPA”) which came into effect in 2014. Essentially, the PDPA governs the collection, use and disclosure of personal data legitimately.
Most organisations in Singapore handle personal data in one way or another. In order to ensure that such personal data is appropriately safeguarded and responsibly managed, the PDPA stipulates that it is mandatory for such organisations to appoint a Data Protection Officer (“DPO”).
The DPO can be an individual or a team and they can be employees of the organisation or an externally appointed third-party. The key role of the DPO will be to ascertain that the policies and practises of the organisation in relation to personal data comply with the requirements under the PDPA.
The Personal Data Protection Commission (“PDPC”) in Singapore administers and enforces the PDPA and serves as Singapore’s main authority in matters relating to personal data protection. PDPC has recently collaborated with the Accounting and Corporate Regulatory Authority (“ACRA”) to allow for organisations registered with ACRA to register and/or update their DPO’s name and contact information via ACRA’s BizFile+ using their CorpPass accounts. With this in place, ACRA-registered organisations that wish to register their DPO details on the PDPC website will now be automatically directed to ACRA’s BizFile+ to do the registration. Non-ACRA registered organisation can continue to register details of their DPO on the PDPC website.
Though registering details of the Data Protection Officer is not mandatory, it is highly encouraged as this will help DPOs stay connected and keep abreast of relevant personal data protection developments in Singapore to ensure continued compliance with the PDPA. With the shift towards companies demonstrating Accountability towards PDPA and not just passive compliance a DPO is more important than ever. If you would like to know more about what demonstrating Accountability means for your business head over to our article written with PDPA expert Straits Interactive for more information
Register your DPO via ACRA's Bizfile Now
Registration and updating of Data Protection Officers’ (“DPOs”) details is now more convenient for Accounting and Corporate Regulatory Authority (“ACRA”) registered companies.
The recent collaboration between the Personal Data Protection Commission (“PDPC”) and ACRA enables ACRA-registered companies to enrol their DPO under ACRA’s BizFile+ platform instead of the PDPC’s website.
If you would like more information on this recent change, reach out to our Corporate Secretarial experts today.