The Personal Data Protection Commission recently released new guidance, including an update to the Guide to Data Protection Practices for ICT Systems, a Handbook on How to Guard Against Common Types of Data Breaches, and Checklists to Guard Against Common Types of Data Breaches.

On 25 May 2021, the Singapore High Court provided long-awaited clarifications on the scope of private actions under the Personal Data Protection Act 2012 (PDPA). It was held that in order to succeed in a private action under the PDPA, the claimant must suffer loss or damage that falls within the common law heads of loss or damage (such as pecuniary loss, damage to property, and personal injury including psychiatric illness) directly as a result of contravention of certain PDPA provisions.

On 1 February 2021, certain sections of the Personal Data Protection (Amendment) Act 2020 came into effect as part of a phased implementation.

We had previously summarised in our earlier client alerts the changes proposed during the public consultation (“Consultation Paper”) on the Personal Data Protection (Amendment) Bill (“Bill”), as well as the salient differences between the Consultation Paper and the Bill that was introduced and read in the Singapore Parliament on 5 October 2020. The Bill has since been passed by Parliament on 2 November 2020 (“Act”) and the accompanying guidelines issued in draft form by the Personal Data Protection Commission (PDPC) on 20 November 2020, which we have summarised in another client alert, has since been integrated into the other guidelines issued by the PDPC.

In this client alert, we will further elaborate on some provisions of the Act that came into effect on 1 February 2021.

On 20 November 2020, the Personal Data Protection Commission (PDPC) issued the draft Advisory Guidelines on Key Provisions of the Personal Data Protection (Amendment) Bill (“Guidelines”). 

We had summarized in our previous client alerts the changes proposed during the public consultation (“Consultation Paper”) on the Personal Data Protection (Amendment) Bill (“Bill”), as well as the salient differences between the Consultation Paper and the Bill that was introduced and read in the Singapore Parliament on 5 October 2020. The Bill has since been passed by Parliament on 2 November 2020 (“Act”). 

For this client alert, we will focus on a few pertinent points that have been highlighted in the Guidelines.

Singapore updated its strategic goods control regime on 3 August 2020 to ensure robust administration of controls and effective risk assessments, while ensuring the facilitation of legitimate trade. Key amendments include ensuring individual and bulk permit holders have access to English translations for strategic trade records kept in other languages. For bulk permit holders, expanded document categories under recordkeeping requirements and monthly reporting will apply. A new offence has also been created for failing to amend permits in the event that information submitted under initial permit application processes subsequently change.

On 22 May 2019, the Personal Data Protection Commission (“PDPC”) launched a guide titled “Guide to Managing Data Breaches 2.0” (the “Guide”) that refreshes an earlier guide on the topic that was published in 2015. The refreshed Guide retains some of the best practices for managing data breaches in the earlier guide and…