Personal Data Protection

We live in a world where where personal data is currency that unlocks everything from cloud services to communication apps.

As an individual, there's plenty to be concerned about. Want a social media account? Disclose your name and email address, and note that your IP address will be logged. Share your photos, videos, and location with friends. Tie your messaging app to your mobile phone number. Publish your videos on a video-sharing platform, which also happens to have a related calendar and email platform - oh, and they're all owned owned by a company that sells advertising on its search engine.

To protect the privacy of individuals, countries around the world are enacting privacy laws to regulate how businesses collect, use and disclose personal data. As a result, businesses now face enormous challenges in global regulatory compliance in the area of personal data protection - yet, businesses have legitimate reasons for wanting to handle personal data.

From a marketing standpoint, a business may want personal data so it's always selling the right products to the right people at the right times. The business may want to email customers with special offers, do a market research survey with individual follow-ups if certain criteria are met, or get its customers to recommend its brand to their friends.

From an organizational standpoint, businesses may want to maintain HR information on employees and their families so they can provide family benefits, or centralize HR information in an overseas office from which the company's global headquarters operate.

This fully-connected environment comes with risks. Sometimes, despite a business's efforts, something goes wrong and a database gets hacked, credit card information gets leaked, and privacy regulators commence investigations.

Whether you're an individual or a business, local or global, we're here to help you comply with personal data protection regulations and communicate with data protection regulators, so you can navigate the uncharted and ever-changing landscape of privacy regulation.

News and Insights

03 August 2018

Conflicts between the PDPA and other Singapore laws

Dharma Sadasivan

On 02 August 2018, the Singapore Personal Data Protection Commission (the "Commission") released its decision in Re: Management Corporation Strata Title Plan No. 4436 [2018] SGPDPC 18 ("Re: MCST 4436"). In this case, the Commission turned its attention to a conflict between section 21(3) of the Personal Data Protection Act 2012 (the "PDPA"), which prohibits organizations from releasing personal data under certain circumstances notwithstanding the individual's general right of access to their own personal data, and section 47 of the Building Maintenance and Strata Management Act ("BMSMA"), which requires management corporations to supply information to certain classes of persons.

Comparative analysis: GDPR vs PDPA

Dharma Sadasivan

The European Union's General Data Protection Regulation ("GDPR") was approved by the EU Parliament on 14 April 2016 and came into effect on 25 May 2018. The GDPR is most significant piece of privacy regulation to emerge in the EU in over 20 years.

The changing nature of data intermediaries

Dharma Sadasivan

I previously wrote about the dual nature of data intermediaries. In that post, I discussed how, under certain circumstances, a data intermediary may simultaneously be an organization in its own right, in relation to a particular set of personal data.

How can we help you?

Get in touch to see how we can bring a wealth of expertise to your corner. Call us at +65 6899 9888 or contact a specific member of the team.