Seraphim
セラフィム
Assess your organization's compliance with Singapore's Personal Data Protection Act (PDPA). Get instant feedback on consent, notification, access, and DO NOT CALL obligations. シンガポールPDPAコンプライアンス評価
The Personal Data Protection Act 2012 (PDPA) governs the collection, use, disclosure, and care of personal data in Singapore. This tool evaluates your compliance across 8 key obligation areas plus DO NOT CALL registry requirements.
Part IV, Division 1: Obtaining valid consent
Do you obtain consent before collecting personal data?
Do you inform individuals of the purposes for collecting their data?
Part IV, Division 2: Using data only for stated purposes
Do you use personal data only for purposes that individuals have consented to?
Do you seek fresh consent when using data for new purposes?
Part IV, Division 3: Informing individuals
Do you have a clear, accessible privacy policy?
Do you notify individuals of all purposes at or before data collection?
Part IV, Division 4: Responding to requests
Can individuals request access to their personal data you hold?
Can individuals request correction of errors in their data?
Part IV, Division 6: Security measures
Do you protect personal data with reasonable security arrangements?
Do you have access controls limiting who can view personal data?
Part IV, Division 7: Data retention periods
Do you have defined retention periods for different types of data?
Do you securely dispose of or anonymize data no longer needed?
Part IV, Division 8: Overseas transfers
Do you ensure overseas recipients protect data to a comparable standard?
Part VIA: Mandatory breach notification (2020 amendment)
Do you have a data breach response plan?
Can you notify PDPC within 3 calendar days of assessing a notifiable breach?
Part IX: Telemarketing compliance
Do you check the DNC Registry before sending marketing messages?
Do your marketing messages include sender identification and opt-out?
Accountability: Designation and responsibilities
Have you designated a Data Protection Officer (DPO)?
Our Singapore-based consultants help organizations implement PDPA-compliant systems, conduct gap assessments, and train staff. We serve businesses throughout APAC.
💬 Get Free ConsultationThe Personal Data Protection Act 2012 (PDPA) is Singapore's primary data protection law that governs the collection, use, disclosure, and care of personal data by organizations. It came into full effect on July 2, 2014, with significant amendments in 2020.
Key changes include mandatory data breach notification within 3 calendar days for notifiable breaches, expanded deemed consent provisions, and enhanced enforcement powers with penalties up to 10% of annual turnover in Singapore for organizations with turnover exceeding S$10 million.
Organizations in Vietnam, Malaysia, Indonesia, and other ASEAN countries doing business in Singapore must comply with PDPA. Our consulting services help APAC businesses implement compliant systems while aligning with multiple regional data protection frameworks.