The Personal Data Protection Act 2012 sets out the law on [|data protection] in Singapore. Apart from establishing a general data protection regime, the Act also regulates telemarketing practices.
The Act establishes the Personal Data Protection Commission. The PDPC is Singapore's primary data protection authority, and also administers the [|Do Not Call Registry]. Among other matters, the PDPC issues advisory guidelines on the Act, and also enforces the Act.
Advisory guidelines
The PDPC publishes a comprehensive set of guidelines. The guidelines provide guidance on how the PDPC interprets the Act. They are advisory in nature, and are not legally binding. The guidelines serve as accessible reference material for organisations seeking to comply with the Act.
Data protection
The Act establishes a general data protection regime, comprising nine data protection obligations which are imposed on organisations.
[|Consent Obligation]
[|Purpose Limitation Obligation]
[|Notification Obligation]
[|Access and Correction Obligation]
[|Accuracy Obligation]
[|Protection Obligation]
[|Retention Limitation Obligation]
[|Transfer Limitation Obligation]
[|Openness Obligation]
The PDPC's Advisory Guidelines on Key Concepts in the Personal Data Protection Act gives detailed guidance on each of these obligations.
Consent Obligation
The Consent Obligation is the first data protection obligation in the Act. According to the PDPC:
Purpose Limitation Obligation
The Purpose Limitation Obligation is the second data protection obligation in the Act. According to the PDPC:
Notification Obligation
The Notification Obligation is the third data protection obligation in the Act. According to the PDPC:
Access and Correction Obligation
The Access and Correction Obligation is the fourth data protection obligation in the Act. According to the PDPC:
Accuracy Obligation
The Accuracy Obligation is the fifth data protection obligation in the Act. According to the PDPC:
Protection Obligation
The Protection Obligation is the sixth data protection obligation in the Act. According to the PDPC:
Retention Limitation Obligation
The Retention Limitation Obligation is the seventh data protection obligation in the Act. According to the PDPC:
Transfer Limitation Obligation
The Transfer Limitation Obligation is the eighth data protection obligation in the Act. According to the PDPC:
Openness Obligation
The Openness Obligation is the ninth data protection obligation in the Act. According to the PDPC:
Telemarketing
The Act also regulates telemarketing practices in Singapore. First, the Act establishes the Do Not Call Registers, on which telephone numbers may be registered. As of 30 April 2017, there are three Do Not Call Registers: the No Fax Message Register; the No Text Message Register; and the No Voice Call Register. Generally, if a telephone number is listed on a Do Not Call Register, then it is not permitted to send a marketing message of the relevant kind to that telephone number. Second, the Act imposes duties to provide information on, and to not conceal, the identities of the senders of marketing messages. The PDPC's Advisory Guidelines on the Do Not Call Provisions gives detailed guidance on the Do Not Call provisions of the Act.
