Personal Data & Data Protection in Singapore (PDPA)

  • The Personal Data Protection Act 2012 (“PDPA”) governs the collection, use and disclosure of personal data by private organisations. It involves various obligations relating to the Do-Not-Call Registry (“DNC Obligations”), which came into force on 2 January 2014, and the protection of Personal Data (“DP Obligations”) which became operational on 2 July 2014.
  • Organisations which fail to comply with the PDPA may be fined up to 10% of its annual turnover or $1 million, whichever is the higher.
  • The PDPA serves to govern the collection, use and disclosure of Personal Data by organizations in a manner that recognizes both the rights of individuals to protect their PD and the need of organizations to collect, use or disclose PD for purposes that a reasonable person would consider appropriate in certain circumstances.
  • NUS handles a large amount of Personal Data and we take PDP very seriously. We work continuously to ensure our policies and processes are up-to-date and in compliance with the obligations of the PDPA.
 

The following provides useful links and information about PDP legislation and related terminology.


  • “Personal Data” is defined under the PDPA as:
    • data,
    • whether true or not,
    • about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access.



dataprotection


  • The Do Not Call (“DNC”) provisions generally prohibit organisations from sending unsolicited marketing messages (in the form of voice calls, text or fax messages) to Singapore telephone numbers, registered with the National DNC Registry.
  • Messages carrying commercial intent to provide products/services are regulated by the DNC provisions. For more information, please visit https://www.pdpc.gov.sg/Overview-of-PDPA/Do-Not-Call-Registry
  • An internal, central NUS DNC registry has been established to assist in the filtering of numbers and checking with the national DNC registry. The NUS DNC registry is managed by the DPO and all checks with the national DNC registry are carried out by the DPO and the Points of Contact for the respective departments/units.
  • Individuals may still provide their clear and unambiguous consent to receive Marketing Messages from NUS, notwithstanding that they have registered on the national DNC Registry. All individuals who wish to provide such clear and unambiguous consent to NUS may register at the following website: https://myaces.nus.edu.sg/DNC/.