FAQs | Feedback

Home
Browse

Acts
Current Repealed/Spent Uncommenced

Subsidiary Legislation
Current Revoked/Spent Uncommenced

AS PUBLISHED
Acts Supplement Bills Supplement Subsidiary Legislation Supplement Revised Editions of Acts Revised Editions of Subsidiary Legislation

QUICK LINKS
Constitutional Instruments
Basic Acts Subsidiary Legislation
Interpretation Act Private Acts English Acts Imperial Acts Honours/Awards Frequently Accessed Legislation
What's New

Announcements Courses New Legislation
Help

FAQs SSO Guide Video Guides
About Us
FAQs
Feedback

My Collections
Search

Personal Data Protection Act 2012

Status:

Current version
as at 22 Nov 2024

Print

Select the provisions you wish to print using the checkboxes and then click the relevant "Print"

Personal Data Protection Act 2012

Table of Contents

Long Title

Part 1 PRELIMINARY

1 Short title

2 Interpretation

3 Purpose

4 Application of Act

Part 2 PERSONAL DATA PROTECTION COMMISSION AND ADMINISTRATION

5 Personal Data Protection Commission

6 Functions of Commission

7 Advisory committees

8 Delegation

9 Conduct of proceedings

10 Cooperation agreements

Part 3 GENERAL RULES WITH RESPECT TO PROTECTION OF AND ACCOUNTABILITY FOR PERSONAL DATA

11 Compliance with Act

12 Policies and practices

Part 4 COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA

Division 1 — Consent

13 Consent required

14 Provision of consent

15 Deemed consent

15A Deemed consent by notification

16 Withdrawal of consent

17 Collection, use and disclosure without consent

Division 2 — Purpose

18 Limitation of purpose and extent

19 Personal data collected before 2 July 2014

20 Notification of purpose

Part 5 ACCESS TO AND CORRECTION OF PERSONAL DATA

21 Access to personal data

22 Correction of personal data

22A Preservation of copies of personal data

Part 6 CARE OF PERSONAL DATA

23 Accuracy of personal data

24 Protection of personal data

25 Retention of personal data

26 Transfer of personal data outside Singapore

Part 6A NOTIFICATION OF DATA BREACHES

26A Interpretation of this Part

26B Notifiable data breaches

26C Duty to conduct assessment of data breach

26D Duty to notify occurrence of notifiable data breach

26E Obligations of data intermediary of public agency

Part 7

27 (Repealed)

28 (Repealed)

29 (Repealed)

30 (Repealed)

31 (Repealed)

32 (Repealed)

Part 8

33 (Repealed)

34 (Repealed)

35 (Repealed)

Part 9 DO NOT CALL REGISTRY

Division 1 — Preliminary

36 Interpretation of this Part

37 Meaning of "specified message"

38 Application of this Part

Division 2 — Administration

39 Register

40 Applications

41 Evidence

42 Information on terminated Singapore telephone number

Division 3 — Specified message to Singapore telephone number

43 Duty to check register

43A Duty of checkers

44 Contact information

45 Calling line identity not to be concealed

46 Consent

47 Withdrawal of consent

48 Defence for employee

Part 9A DICTIONARY ATTACKS AND ADDRESS‑HARVESTING SOFTWARE

48A Interpretation of this Part

48B Prohibition on use of dictionary attacks and address‑harvesting software

Part 9B OFFENCES AFFECTING PERSONAL DATA AND ANONYMISED INFORMATION

48C Interpretation and application of this Part

48D Unauthorised disclosure of personal data

48E Improper use of personal data

48F Unauthorised re‑identification of anonymised information

Part 9C ENFORCEMENT

48G Alternative dispute resolution

48H Power to review

48I Directions for non‑compliance

48J Financial penalties

48K Procedure for giving of directions and imposing of financial penalty

48L Voluntary undertakings

48M Enforcement of directions of or written notices by Commission in District Court

48N Reconsideration of directions or decisions

48O Right of private action

Part 9D APPEALS

48P Data Protection Appeal Panel and Data Protection Appeal Committees

48Q Appeal from direction or decision of Commission

48R Appeals to General Division of High Court, etc.

Part 10 GENERAL

49 Advisory guidelines

50 Powers of investigation

51 Offences and penalties

52 Offences by corporations

52A Offences by unincorporated associations or partnerships

53 Liability of employers for acts of employees

54 Jurisdiction of court

55 Composition of offences

56 General penalties

57 Public servants and public officers

58 Evidence in proceedings

59 Preservation of secrecy

60 Protection from personal liability

61 Symbol of Commission

62 Power to exempt

63 Certificate as to national interest

64 Amendment of Schedules

65 Power to make regulations

66 Rules of Court

67 Saving and transitional provisions

68 Dissolution

FIRST SCHEDULE Collection, use and disclosure of personal data without consent

SECOND SCHEDULE Additional bases for collection, use and disclosure of personal data without consent

THIRD SCHEDULE Repealed

FOURTH SCHEDULE Repealed

FIFTH SCHEDULE Exceptions from access requirement

SIXTH SCHEDULE Exceptions from correction requirement

SEVENTH SCHEDULE Constitution and proceedings of Data Protection Appeal Panel and Data Protection Appeal Committees

EIGHTH SCHEDULE Exclusion from meaning of "specified message"

NINTH SCHEDULE Powers of investigation of Commission and Inspectors

TENTH SCHEDULE Applicable purposes

ELEVENTH SCHEDULE Specified purposes

Legislative History

Abbreviations

HTML
PDF
Word

Table Of Contents

Personal Data Protection Act 2012

Status:

Current version
as at 22 Nov 2024

Please check the legislation timeline to ensure that you are viewing the correct legislation version. See also FAQ B3.

Subsidiary Legislation
Hide Amendment Annotation
Add to My Collections
Amendments RSS Feed
Print
Help

Timeline

Document
Provision

Versions

or

find current version as at

01 Oct 2022

Amended by
Act 40 of 2020
01 Apr 2022

Amended by
Act 25 of 2021
31 Dec 2021

2020 RevEd
01 Feb 2021

Amended by
Act 40 of 2020
02 Jan 2021

Amended by
Act 40 of 2019
02 Oct 2016

Amended by
Act 22 of 2016
01 Oct 2016

Amended by
Act 22 of 2016
03 Jan 2016

Amended by
Act 29 of 2014
23 Jan 2015

Amended by
S 19/2015
02 Jul 2014

Act 26 of 2012
02 Jan 2014

Act 26 of 2012
02 Dec 2013

Act 26 of 2012
02 Jan 2013

Act 26 of 2012

Table of Contents

Personal Data Protection Act 2012
Long Title Part 1 PRELIMINARY

2 Interpretation

4 Application of Act

Part 2 PERSONAL DATA PROTECTION COMMISSION AND ADMINISTRATION

5 Personal Data Protection Commission

6 Functions of Commission

7 Advisory committees

9 Conduct of proceedings

10 Cooperation agreements

Part 3 GENERAL RULES WITH RESPECT TO PROTECTION OF AND ACCOUNTABILITY FOR PERSONAL DATA

11 Compliance with Act

12 Policies and practices

Part 4 COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA Division 1 — Consent

13 Consent required

14 Provision of consent

15 Deemed consent

15A Deemed consent by notification

16 Withdrawal of consent

17 Collection, use and disclosure without consent

Division 2 — Purpose

18 Limitation of purpose and extent

19 Personal data collected before 2 July 2014

20 Notification of purpose

Part 5 ACCESS TO AND CORRECTION OF PERSONAL DATA

21 Access to personal data

22 Correction of personal data

22A Preservation of copies of personal data

Part 6 CARE OF PERSONAL DATA

23 Accuracy of personal data

24 Protection of personal data

25 Retention of personal data

26 Transfer of personal data outside Singapore

Part 6A NOTIFICATION OF DATA BREACHES

26A Interpretation of this Part

26B Notifiable data breaches

26C Duty to conduct assessment of data breach

26D Duty to notify occurrence of notifiable data breach

26E Obligations of data intermediary of public agency

Part 9 DO NOT CALL REGISTRY Division 1 — Preliminary

36 Interpretation of this Part

37 Meaning of "specified message"

38 Application of this Part

Division 2 — Administration

40 Applications

42 Information on terminated Singapore telephone number

Division 3 — Specified message to Singapore telephone number

43 Duty to check register

43A Duty of checkers

44 Contact information

45 Calling line identity not to be concealed

47 Withdrawal of consent

48 Defence for employee

Part 9A DICTIONARY ATTACKS AND ADDRESS‑HARVESTING SOFTWARE

48A Interpretation of this Part

48B Prohibition on use of dictionary attacks and address‑harvesting software

Part 9B OFFENCES AFFECTING PERSONAL DATA AND ANONYMISED INFORMATION

48C Interpretation and application of this Part

48D Unauthorised disclosure of personal data

48E Improper use of personal data

48F Unauthorised re‑identification of anonymised information

Part 9C ENFORCEMENT

48G Alternative dispute resolution

48H Power to review

48I Directions for non‑compliance

48J Financial penalties

48K Procedure for giving of directions and imposing of financial penalty

48L Voluntary undertakings

48M Enforcement of directions of or written notices by Commission in District Court

48N Reconsideration of directions or decisions

48O Right of private action

Part 9D APPEALS

48P Data Protection Appeal Panel and Data Protection Appeal Committees

48Q Appeal from direction or decision of Commission

48R Appeals to General Division of High Court, etc.

Part 10 GENERAL

49 Advisory guidelines

50 Powers of investigation

51 Offences and penalties

52 Offences by corporations

52A Offences by unincorporated associations or partnerships

53 Liability of employers for acts of employees

54 Jurisdiction of court

55 Composition of offences

56 General penalties

57 Public servants and public officers

58 Evidence in proceedings

59 Preservation of secrecy

60 Protection from personal liability

61 Symbol of Commission

62 Power to exempt

63 Certificate as to national interest

64 Amendment of Schedules

65 Power to make regulations

66 Rules of Court

67 Saving and transitional provisions

FIRST SCHEDULE Collection, use and disclosure of personal data without consent SECOND SCHEDULE Additional bases for collection, use and disclosure of personal data without consent THIRD SCHEDULE Repealed FOURTH SCHEDULE Repealed FIFTH SCHEDULE Exceptions from access requirement SIXTH SCHEDULE Exceptions from correction requirement SEVENTH SCHEDULE Constitution and proceedings of Data Protection Appeal Panel and Data Protection Appeal Committees EIGHTH SCHEDULE Exclusion from meaning of "specified message" NINTH SCHEDULE Powers of investigation of Commission and Inspectors TENTH SCHEDULE Applicable purposes ELEVENTH SCHEDULE Specified purposes Legislative History Abbreviations

Personal Data Protection Act 2012

Status:

Current version as at 22 Nov 2024

Timeline
Subsidiary Legislation
Amendment Annotation

Loading...
Actions
- Add to My Collections
- Amendments RSS Feed

Document
Provision

02 Jan 2013

Act 26 of 2012
02 Dec 2013

Act 26 of 2012
02 Jan 2014

Act 26 of 2012
02 Jul 2014

Act 26 of 2012
23 Jan 2015

Amended by
S 19/2015
03 Jan 2016

Amended by
Act 29 of 2014
01 Oct 2016

Amended by
Act 22 of 2016
02 Oct 2016

Amended by
Act 22 of 2016
02 Jan 2021

Amended by
Act 40 of 2019
01 Feb 2021

Amended by
Act 40 of 2020
31 Dec 2021

2020 RevEd
01 Apr 2022

Amended by
Act 25 of 2021
01 Oct 2022

Amended by
Act 40 of 2020

Versions

or find current version as at

Search within Legislation

Search Results

Singapore Statutes Online

FAQs
Feedback
Sitemap

Report Vulnerability
Privacy Statement
Terms of Use

© 2024 Attorney-General's Chambers of Singapore,
Last updated 21 Nov 2024
Singapore Statutes Online is provided by the Legislation Division of the Attorney-General's Chambers of Singapore.