BR Law Corporation
br@brlawcorp.com +65 6899 9888
  • Our Team
  • Practice Areas
  • News and Insights
  • Join Us
  • Contact Us
br@brlawcorp.com +65 6899 9888

Key Updates to the PDPA Introduced by the Personal Data Protection (Amendment) Act 2020 (Part 3 – Offences, Enforcement, and Others)

 
10 May 2021
Dharma Sadasivan
Picture
The Personal Data Protection (Amendment) Act 2020 (the “Amendment Act”) was passed in Parliament on 02 November 2020, and is partially in force as of 01 February 2021. The Amendment Act marks the first comprehensive review of the Personal Data Protection Act 2012 (“PDPA”) since its enactment, and is the culmination of a series of consultations between the Ministry of Communications and Information (“MCI”), the Personal Data Protection Commission (“PDPC”) as well as public and industry stakeholders.
 
This article, the final in a 3-part series, highlights some key updates to the PDPA introduced by the Amendment Act, and focuses on updates relating to offences and enforcement, as well as miscellaneous key updates.
​Increased Financial Penalty Cap (not yet in force)

Where an organisation is in breach of its data protection obligations, the Amendment Act will empower the PDPC through section 48J of the PDPA to impose a financial penalty of up to S$1 million or 10% of the organisation’s annual turnover in Singapore, whichever is higher. At present, the maximum financial penalty that the PDPC may impose on an organisation is S$1 million.
 
Section 48J will also empower the PDPC to impose on organisations that have breached the prohibition against the use of dictionary attacks and address harvesting software, financial penalties of up to S$1 million or 5% of the organisation’s annual turnover in Singapore, whichever is higher, or S$200,000 on an individual. At present, the maximum financial penalty for such breaches is S$1 million for organisations and S$200,000 for individuals.
 
Offences for Mishandling of Personal Data

To hold individuals accountable for the mishandling of personal data in the possession or under the control of an organisation, the PDPA has introduced the following offences at a new Part IXB:

  • knowing or reckless unauthorised disclosure of personal data; 

  • knowing or reckless unauthorised use of personal data for a gain for that individual or another person, or causing harm or loss to another person; and 

  • knowing or reckless unauthorised re-identification of anonymised information.
 
These offences are subject to specified defences, such as where the information is publicly available, where the individual reasonably believes that he had the legal right to do so, or where independent testing of anonymisation of personal data is carried out. An individual found guilty of any of the above offences will be liable on conviction to a fine of S$5,000 and/or imprisonment for a term not exceeding 2 years.
 
Voluntary Undertakings 

The Amendment Act introduces Part IXC of the PDPA, which empowers the PDPC to accept and enforce voluntary undertakings from organisations where the PDPC has reasonable grounds to believe that an organisation has not complied, is not complying, or is not likely to comply with the PDPA.
 
A voluntary undertaking is given and accepted in place of the conduct of a full investigation. It may include a commitment to do any of the following:-

  • take a specified action within a specified time;

  • refrain from taking a specified action; or

  • publicise the voluntary undertaking.
 
If an organisation does not comply with its voluntary undertaking, the PDPC may give the organisation or any person concerned any direction that it thinks fit to ensure the compliance of the organisation with the undertaking.
 
Alternative Dispute Resolution

The PDPC is now empowered under Part IXC to refer any complaint by an individual against an organisation to mediation under a dispute resolution scheme if it is of the opinion that the complaint may be more appropriately resolved. The PDPC may do so without the individual’s or the organisation’s consent. Both parties will be required to participate in the mediation as directed by the PDPC and must comply with any regulations prescribed by the PDPC.
 
Others

Removal of Exemption for Organisations Acting on Behalf of Public Agencies
 
Prior to the Amendment Act, private organisations that acted on behalf of a public agency were exempted from the data protection obligations in the PDPA. With the Amendment Act, all private organisations are now subject to the PDPA, even if they are acting on behalf of a public agency. Public agencies continue to be exempted from the data protection obligations in the PDPA.
 
Increased Protection from Unsolicited Messages
 
The new Part IXA relates to the PDPA’s Do Not Call provisions (“DNC Provisions”) and prohibits the sending of unsolicited messages to telephone numbers obtained through the use of dictionary attacks or address harvesting software. The Amendment Act also amends the Spam Control Act to this effect.
 
 
Next Steps
 
In adapting to the amended PDPA, organisations should review their data protection policies and procedures and ensure that they are in line with the new amendments.
 
In particular, organisations should ensure that they are sufficiently prepared to manage data breach incidents in light of the mandatory data breach notification obligation. Where they update their data protection policies and procedures, they should conduct internal training sessions on the same. Organisations should also review their operations and consider the feasibility of taking advantage of the expanded consent framework.
 
Please contact us if you need assistance on personal data protection matters.


Read the rest of this series
  • Part 1 - Consent, Protection, and Data Breach Notification
  • Part 2 - Individual Rights


Dharma Sadasivan
Director, BR Law Corporation
dharma@brlawcorp.com

Thiyana Ilangchizian
Trainee, BR Law Corporation

Post date. Edit this to change the date post was posted. Does not show up on published site. 10/5/2021


Your comment will be posted after it is approved.


Leave a Reply.

    We're Here To Help

    Our team welcome any comments or questions and will gladly assist you with your enquiry. You can call us on +65 6899 9888 or fill out our simple contact form. 

    Disclaimer

    The materials in these articles have been prepared for general informational purposes only and are not legal advice or a substitute for legal counsel. If you require legal advice for your particular circumstances, please consult a suitably qualified legal counsel. This information is not intended to create, and receipt of it does not constitute, an attorney-client relationship. You should not rely or act upon this information without seeking professional counsel. Whilst we endeavour to ensure that the information in these articles is correct, no warranty, express or implied, is given as to its accuracy and we do not accept any liability for error or omission. The authors of the articles are or were employees of BR Law Corporation at the time of  publication, but may no longer be, now or in the future, in the employ of the firm.

    Subscribe to our Newsletter

    Subscribe to our quarterly newsetter to keep up to date with a wealth of insights from the BR Law, BR Family Assets and BR Corporate services team.
    Subscribe to Newsletter

    RSS Feed

    Categories

    All
    Awards And Accolades
    Commercial Transactions
    Conveyancing
    Corporate Law
    COVID19
    Criminal Law
    Dispute Resolution
    Family And Matrimonial Law
    Intellectual Property
    International Law
    Personal Data Protection
    Probate And Administration
    Technology
    Wills And Trusts

    Archives

    June 2022
    April 2022
    March 2022
    November 2021
    October 2021
    September 2021
    July 2021
    May 2021
    April 2021
    October 2020
    September 2020
    July 2020
    May 2020
    April 2020
    January 2020
    October 2019
    June 2019
    March 2019
    February 2019
    January 2019
    December 2018
    August 2018
    July 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    September 2017
    August 2017
    January 2017
    September 2016
    March 2015
    January 2015
    July 2014
    June 2014
    May 2014
    April 2014

Firm Brochure

Download
Brochure in Japanese
Brochure in Mandarin

Our ecosystem

Our related services:
BR Family Assets

Practice Areas

Subscribe to our quarterly newsetter to keep up to date with a wealth of insights from the BR Law, BR Family Assets and BR Corporate services team.
Subscribe to Newsletter

Contact Us

br@brlawcorp.com
 
Main Branch - Republic Plaza
9 Raffles Place
#08-03 Republic Plaza
Singapore 048619
+65 6388 1717 Telephone
+65 6394 7398 Fax

Branch Office - Bank of China
4 Battery Road #29-00
Bank of China
Singapore 049908
+65 6899 9888 Telephone
+65 6338 5377 Fax

Branch Office - Clifford Centre
24 Raffles Place
#19-05 Clifford Centre
Singapore 048621
+65 6336 1717 Telephone
+65 6394 7318 Fax

Awards and Accolades

Picture
Terms of Use​  •  Privacy Statement
​© Copyright 2018 BR Law Corporation. Registered in Singapore (UEN: 200312051N).