It’s true! The Personal Data Protection Act of 2012 (PDPA) places certain obligations on businesses that collect personal data and it also affords you with certain rights. Let’s go through a list of the main points covered by the PDPA:
- Consent Obligation – Businesses can only collect, use or disclose personal data for purposes for which you have given your consent.
- Purpose Limitation Obligation – Businesses may collect, use or disclose personal data about you only for purposes that a reasonable person would consider appropriate in the circumstances for which you have given your consent.
- Notification Obligation – The business must notify individuals of the purpose(s) for which they are intending to collect, use or disseminate your personal data before such collection, use or dissemination of your personal data.
- Access and Correction Obligation – Upon request, the business must allow you to access or update your data.
- Accuracy Obligation – Businesses are obligated to make reasonable effort to ensure that your personal data is accurate and complete.
- Protection Obligation – Businesses must take reasonable security measures to protect your personal data.
- Retention Limitation Obligation – Businesses must cease retention of your personal data or remove the means by which the personal data can be associated with particular individuals when it is no longer necessary for any business or legal purpose.
- Transfer Limitation Obligation – Transfer of your personal data to another country is allowed only according to the requirements prescribed under the regulations, to ensure that the standard of protection provided to the personal data so transferred will be comparable to the protection under the PDPA, unless exempted by the PDPC.
- Openness Obligation – Businesses must make information about their data protection policies, practices and complaint resolution process available upon request.
You can learn more about the PDPA on the Personal Data Protection Commission Singapore’s (PDPC) website by clicking here.