The Personal Data Protection Commission of Singapore encourages notification of certain data breaches. Notification of certain data breaches is now mandatory after the Personal Data Protection Act 2012 (No 12 of 2012) was amended by the Personal Data Protection (Amendment) Act 2020, which came into force on 1 February 2021.
State of the Law
No.
1.

Requirements
Are you aware whether the data breach occurred when the Personal Data Protection Act 2012 (No 12 of 2012) (PDPA 2012) did not mandate notifying breaches to data subjects or the Personal Data Protection Commission or whether it occurred after the data breach notification obligation came into force?
Completed?





2.

Are you aware that the Personal Data Protection Commission will consider timely notification as a mitigating factor when awarding penalties where the data breach occurred before the data breach notification obligation came into effect?




3.

Are you aware that if the data breach occurred after the data breach notification obligation came into force, the Personal Data Protection Commission can issue the organisation with directions in relation to any failure to comply with such notification obligations and a failure to comply with the protection obligation?






To download full Notifying A Data Breach — Checklist:
Please fill in your details below:
LexisNexis privacy policy and terms of use.

For enquiries, feel free to reach out via email at myln@lexisnexis.com.
© 2021 LexisNexis, a division of RELX Inc. All rights reserved. LexisNexis and the Knowledge Burst
logo are registered trademarks of RELX Inc., and used under licence.