No. S 398
Personal Data Protection Act 2012
(ACT 26 OF 2012)
Personal Data Protection
(Amendment) Regulations 2020
In exercise of the powers conferred by section 65 of the Personal Data Protection Act 2012, the Personal Data Protection Commission, with the approval of the Minister for Communications and Information, makes the following Regulations:
Citation and commencement
1.  These Regulations are the Personal Data Protection (Amendment) Regulations 2020 and come into operation on 1 June 2020.
New regulation 10A
2.  The Personal Data Protection Regulations 2014 (G.N. No. S 362/2014) are amended by inserting, immediately after regulation 10, the following regulation:
Recipients holding specified certifications
10A.—(1)  For the purposes of regulation 9(1)(b), a recipient of an individual’s personal data in a country or territory outside Singapore is taken to be bound by legally enforceable obligations to provide a standard of protection for the transferred personal data that is at least comparable to the protection under the Act if the recipient holds a specified certification that is granted or recognised under the law of that country or territory to which the personal data is transferred.
(2)  In this regulation, “specified certification”, in relation to a recipient of an individual’s personal data, means a certification under —
(a)where the recipient is a data intermediary — the Asia‑Pacific Economic Cooperation Privacy Recognition for Processors System; or
(b)in any other case — the Asia‑Pacific Economic Cooperation Cross Border Privacy Rules System.”.
Made on 26 May 2020.
TAN KIAT HOW
Commissioner for
Personal Data Protection,
Personal Data Protection Commission,
Singapore
[MCI/AN14.006.001.EV1/17; AG/LEGIS/SL/227A/2015/8 Vol. 1]