Personal Data Protection Act 2012

Select the provisions you wish to print using the checkboxes and then click the relevant "Print"

4 Application of Act

5 Personal Data Protection Commission

6 Functions of Commission

7 Advisory committees

9 Conduct of proceedings

10 Cooperation agreements

11 Compliance with Act

12 Policies and practices

14 Provision of consent

15A Deemed consent by notification

16 Withdrawal of consent

17 Collection, use and disclosure without consent

18 Limitation of purpose and extent

19 Personal data collected before 2 July 2014

20 Notification of purpose

21 Access to personal data

22 Correction of personal data

22A Preservation of copies of personal data

23 Accuracy of personal data

24 Protection of personal data

25 Retention of personal data

26 Transfer of personal data outside Singapore

26A Interpretation of this Part

26B Notifiable data breaches

26C Duty to conduct assessment of data breach

26D Duty to notify occurrence of notifiable data breach

26E Obligations of data intermediary of public agency

36 Interpretation of this Part

37 Meaning of "specified message"

38 Application of this Part

42 Information on terminated Singapore telephone number

43 Duty to check register

43A Duty of checkers

44 Contact information

45 Calling line identity not to be concealed

47 Withdrawal of consent

48 Defence for employee

48A Interpretation of this Part

48B Prohibition on use of dictionary attacks and address‑harvesting software

48C Interpretation and application of this Part

48D Unauthorised disclosure of personal data

48E Improper use of personal data

48F Unauthorised re‑identification of anonymised information

48G Alternative dispute resolution

48I Directions for non‑compliance

48J Financial penalties

48K Procedure for giving of directions and imposing of financial penalty

48L Voluntary undertakings

48M Enforcement of directions of or written notices by Commission in District Court

48N Reconsideration of directions or decisions

48O Right of private action

48P Data Protection Appeal Panel and Data Protection Appeal Committees

48Q Appeal from direction or decision of Commission

48R Appeals to General Division of High Court, etc.

49 Advisory guidelines

50 Powers of investigation

51 Offences and penalties

52 Offences by corporations

52A Offences by unincorporated associations or partnerships

53 Liability of employers for acts of employees

54 Jurisdiction of court

55 Composition of offences

56 General penalties

57 Public servants and public officers

58 Evidence in proceedings

59 Preservation of secrecy

60 Protection from personal liability

61 Symbol of Commission

63 Certificate as to national interest

64 Amendment of Schedules

65 Power to make regulations

67 Saving and transitional provisions

PART 3

GENERAL RULES WITH RESPECT TO
PROTECTION OF AND ACCOUNTABILITY FOR
PERSONAL DATA

[40/2020]

Compliance with Act

11.—(1) In meeting its responsibilities under this Act, an organisation must consider what a reasonable person would consider appropriate in the circumstances.

(2) An organisation is responsible for personal data in its possession or under its control.

(3) An organisation must designate one or more individuals to be responsible for ensuring that the organisation complies with this Act.

(4) An individual designated under subsection (3) may delegate to another individual the responsibility conferred by that designation.

(5) An organisation must make available to the public the business contact information of at least one of the individuals designated under subsection (3) or delegated under subsection (4).

(5A) Without limiting subsection (5), an organisation is deemed to have satisfied that subsection if the organisation makes available the business contact information of any individual mentioned in subsection (3) in any prescribed manner.

[40/2020]

(6) The designation of an individual by an organisation under subsection (3) does not relieve the organisation of any of its obligations under this Act.

Policies and practices

12. An organisation must —

(a)

develop and implement policies and practices that are necessary for the organisation to meet the obligations of the organisation under this Act;

(b)

develop a process to receive and respond to complaints that may arise with respect to the application of this Act;

(c)

communicate to its staff information about the organisation’s policies and practices mentioned in paragraph (a); and

(d)

make information available on request about —

(i)	the policies and practices mentioned in paragraph (a); and
(ii)	the complaint process mentioned in paragraph (b).

Search within Legislation