
About the PDPA

The Personal Data Protection Act (PDPA) governs the collection, use and disclosure of personal data by organisations, in a manner that recognises individuals’ rights and the need of organisations to use such personal data for legitimate business purposes.

How To Handle Personal Data

Do you collect, use or disclose personal data of employees, customers or other individuals? If the answer is yes, you should ensure that your organisation has put in place systems, policies and processes to comply with the Personal Data Protection Act.

The PDPA contains two main sets of provisions, namely the Data Protection (DP) provisions and the Do Not Call (DNC) provisions.

Do Not Call (DNC) Provisions

The DNC Provisions prohibit organisations from sending certain marketing messages to Singapore telephone numbers including mobile, fixed line, residential and business numbers registered with the DNC Registry.

Appoint A Data Protection Officer

All organisations, including sole proprietors and non-profit organisations, must appoint at least one person as the Data Protection Officer (DPO). The DPO function is management’s responsibility and, ideally, the appointed DPO should be part of the management team, or at least have a direct line to management. The operational DPO functions, however, may be delegated to one or a few employees, or outsourced to a service provider.


A Data Protection Management Programme (DPMP) lays the foundation and provides a systematic approach for an organisation’s data protection initiatives. It covers management policies and processes for the handling of personal data, and defines governance and the roles and responsibilities of the people in the organisation in relation to personal data protection.

How to develop a DPMP?


There is no ‘one size fits all’ DPMP, and organisations should consider developing a DPMP that is reasonable and appropriate for their business needs. Nevertheless, organisations may wish to follow the suggested steps below.


A personal data protection policy sets the direction and course of action by the organisation to meet its obligations under the PDPA.


People are the backbone behind all measures and their roles and responsibilities in personal data protection should be defined and understood throughout the organisation.


Organisations may need to create, update or revise their processes to address the handling of personal data throughout the data lifecycle (from collection to disposal/archival).

DP Advisory

Innovative and responsible use of data can provide competitive advantage by enabling new service offerings, as well as increase consumer confidence in an organisation.

To help SMEs in Singapore use data responsibly, you may appoint Bestar DP Advisors to provide tailored support and assistance.

You may consider engaging our professional services to conduct a comprehensive assessment to evaluate your organisation’s needs.

Advisory Services

• Learn about your data protection obligations

• Uncover potential data protection gaps in your business processes

• Locate useful data protection resources

• Find out more about financial assistance schemes available

• Receive in-depth, targeted advice tailored to your organisation’s key business processes

For more information about DPMP, please contact Bestar.
