PDPA: Why every business in Singapore needs to take data more seriously!

November 8, 2021

That Singapore is a major regional and international business hub is news to no one. But the fact that 99% of all enterprises in Singapore are small and medium enterprises is quite astonishing. If you’re the owner of such an enterprise in Singapore, the latest news of legislation regarding data regulation calls for immediate action – or you might just have to face the consequences.

Owing to the rise in data breaches – in 2020 alone 6100 data breach complaints were filed against private organizations – and a global increase in demand for privacy, Singapore has also tightened the noose with legislation that allows wider enforcement controls for Singapore’s Personal Data Protection Commission, a.k.a. the PDPC.

The updated legislation that soon comes into effect should concern business owners and brand marketers of every enterprise, but especially SMEs, which may fall into breach merely by oversight: they may not be aware of the data they collect and hold, or they may unwittingly process it through erroneous channels.

Let’s take a look at the details.

A heavier price to pay

With effect from February 1, 2022 (which is right around the corner), Singapore has raised the penalty for organizations that make inadequate efforts to safeguard their consumer data or that wilfully disregard doing so. The penalty for such offenses ranges from up to S$1 million to 10% of the business’s total annual turnover.

For companies that are desperately competing in a post-pandemic market, such a heavy penalty could be the deciding factor, as the PDPC intends, in adopting a more serious outlook on upholding stricter data regulations.

While the penalty would be a definite deterrent, an awareness of the measures that businesses must take is essential too.

What constitutes an offense?

To avoid breaching the renewed PDPA legislation, businesses will have to adopt a stricter data regime that ensures their compliance in several ways.

In order to comply with the law, an organization should especially keep an eye on the following:

  • Use data only for defined purposes, and be sure to notify customers and obtain consent if their data is being disclosed, collected, or used. (For example – you can’t use John’s data that you collect from a form on your website for Facebook Ads or Email Marketing without telling him and having his permission.)
  • Be able to provide information on how a customer’s data has been used in the past 12 months. (Which means that companies had better take good care of building a neat database of these actions.)
  • Ensure that personal data is complete and accurate, as well as kept secure from unauthorized access, modification, use, or disclosure.
  • Retain data only when needed and erase it when no longer needed.
  • Ensure that any affiliated external organizations and overseas external organizations provide a comparable standard of protection.
  • Designate a Data Protection Officer to ensure compliance with the legislation and publish their contact information.
  • Make PDPA policies available to the public and employees and observe the privacy of the National DNC (Do Not Call) registry.
  • Have all customer records available in a common machine-readable format if requested.

How is it different from other privacy laws?

From the PDPA to the GDPR to other data privacy regulations, the playing field can be difficult for an organization to tackle. But a clear understanding of the salient differences between the PDPA and the most prevalent regulation, the GDPR, is essential for organizations to know just what changes and what doesn’t.

How can you take action to stay safe?

We’ve always loved all things data – from providing solutions for the cookie-less future to making your business more efficient by helping you to collect, analyze and activate your consumer data. This is why we’ve made it our mission to help our clients retain control of their data and stay compliant with the several international frameworks.

Meiro Customer Data Platform puts the power of data back into your hands – without the fear of going astray and breaching compliance requirements. How do we make that happen?

By simply giving you complete control over all your data wherever it is – on-premise or in the cloud. You retain full control over all access points and user rights. It cleanses your data and traces it back to the original source – mapping across sources and systems. So even if you need to track all the data of a single customer – all it takes is one or two clicks.

Not to mention, with intuitive controls on Meiro CDP you can also set rules that include or exclude customers according to their privacy preferences. This complete control of data governance makes it easy to support your consumers’ right to privacy, keep up with the new legislation of the PDPA, and quickly adapt to any newer rules that may come along too.

How quickly you adapt to the changing conditions of the PDPA can decide whether you stay clear of legal implications and see success by utilizing your data more efficiently and effectively. As always, we’re here at Meiro to help you out with any expert advice you might need about the PDPA to future-proof your business – or if you’re just looking to brainstorm your data strategy. Give us a ping and we’ll catch up over a coffee soon!