Singapore: Imminent Changes to the Personal Data Protection Act 2012 (PDPA)

On 5 October 2020, the Personal Data Protection (Amendment) Bill (Bill) was tabled in Parliament for the first reading. It is expected that the Bill will be passed before the end of the year if not sooner.

Unlike when the PDPA first came into force in 2014, the Bill does not provide a grace period for compliance. This means that organisations must be ready to comply with the new requirements once the Bill is passed.

The changes to the PDPA introduced by the Bill closely resemble those contained in the draft Bill, including:

1. Mandatory data breach notification to individuals and the Personal Data Protection Commission;
2. An expanded deemed consent framework;
3. Exceptions to consent: New exceptions to the express consent requirement under legitimate interests and business improvements;
4. Increased financial penalty: An increased financial penalty of up to 10% of the annual turnover of the organization with an annual turnover exceeding USD10 million, or USD1 million, whichever is higher; and
5. New rights: A new right of data portability for individuals.

For more details of these changes, please refer to our previous alert.

The Bill is available here.

For more information, please contact Carolyn Bigg (Partner) or Yue Lin Lee (Associate).

DLA Piper Singapore Pte. Ltd. is licensed to operate as a foreign law practice in Singapore. Where advice on Singapore law is required, we will refer the matter to and work with licensed Singapore law practices where necessary.