As we support businesses to use data, they must put in place accountable practices and safeguard consumers’ interests. These data protection principles should undergird businesses’ use of data, be it to understand customers or plan operations.

Unlocking business value with accountable use of data

The use of data in the digital economy has shown big potential to enhance productivity and business competitiveness. Learn more about how businesses can innovate with confidence and thrive amidst new technology, business models and global developments by ensuring their use of data is backed by sound data protection principles.

(Article by PDPC)

How Great Eastern Life demonstrates accountable data protection practices

As the first insurance company to attain both the Data Protection Trustmark (DPTM) and APEC Cross Border Privacy Rules (CBPR) certifications, Great Eastern Life has boosted its stakeholders’ confidence—making it the insurer of choice for customers, financial representatives and partners.

(Published in IMDA's IMPact News, 18 June 2021)

Announcements

	Amendments to Regulations under the Personal Data Protection Act (PDPA) and Advisory Guidelines As part of the update to the PDPA, follow-up amendments to the Personal Data Protection (Notification of Data Breaches) Regulations 2021 and Personal Data Protection Regulations 2021 have been made.
	Launch of the Better Data Driven Business (BDDB) programme The IMDA and the PDPC has launched the BDDB programme which provides free resources to help SMEs better safeguard their customers’ personal data while making more effective use of data to remain competitive in the digital economy.
	Updated Advisories on Collection of Personal Data for COVID-19 Contact Tracing and Use of SafeEntry The PDPC has updated the advisories to include guidance on the implementation of vaccination-differentiated Safe Management Measures (SMM) for F&B establishments.
	Connect to the DNC Registry API The PDPC has developed a number checking application programming interface (API) for the Do Not Call (DNC) Registry. Organisations can choose to connect their internal system with the API to check numbers in the DNC Registry, or check numbers in real time as the call is being made or the text message is being sent out.
	Developing the MVP for AI Governance Testing Framework The IMDA and the PDPC are working with like-minded partners to develop a credible Minimum Viable Product (MVP) that will allow industry to achieve greater transparency around AI systems, and enable organisations to deploy AI systems in a trusted manner.

New Resources

	e-Learning Programme on the PDPA Get to know the essentials of the PDPA through these interactive learning tools developed by the PDPC. The course covers the basics you will need to know about the key terms and organisations' obligations under the PDPA and offer ways in which data protection officers can develop good data protection policies and practices.
	Compendium of Data Use Cases The PDPC has published a series of success stories shared by companies that demonstrates how local businesses of different sizes and sectors have made use of data to improve their operations or services, in hopes that these real-world use cases can serve as a starting point for others looking to learn from industry leaders.
	Accountability To stay competitive in the digital economy, it is important for your organisation to take an accountability-based approach in managing customers' personal data. Learn more about the Accountability Obligation under the PDPA, and get access to more resources on accountability.
	Data Protection Practices for ICT Systems It is important for organisations to adapt good data protection practices and strengthen their data protection measures and controls for a robust and ICT system. The PDPC has released new resources that would be helpful for organisations to develop good data protection practices in their ICT system and processes as well as improve capabilities in data breach prevention.

Commission's Decisions

Oct 2021

●	Breach of the Protection Obligation by ChampionTutor A financial penalty of $10,000 was imposed on ChampionTutor for failing to put in place reasonable security arrangements to protect personal data in its possession. The incident resulted in the personal data being exposed.

●

Breach of the Protection and Transfer Limitation Obligations by J & R Bossini Fashion

Directions were issued to J & R Bossini Fashion for breaches of the PDPA in relation to the transfer of Singapore-based individuals’ personal data to its parent company in Hong Kong and the protection of its employees’ personal data stored in its servers in Singapore.

●

Breach of the Protection, Accountability and Retention Limitation Obligations by Stylez

A financial penalty of $37,500 was imposed on Stylez for failing to put in place reasonable security arrangements to protect personal data of its customers and cease retaining data when the purpose of collection no longer exists. As a result, the personal data of its customers was publicly exposed. A direction was also issued to Stylez to develop and implement internal data protection policies and practices to comply with the PDPA.

Help and Resources for DPO

Advisory Guidelines

on the Do Not Call

(DNC) Provisions

The Advisory Guidelines provide an explanation of how the DNC Provisions, may apply in different scenarios and allows organisations and individuals to better understand the requirements. They should be read in conjunction with the Advisory Guidelines On Key Concepts and Advisory Guidelines for Selected Topics.

Business

Intelligence (BI)

Tool

Designed with built-in data protection practices, the BI tool is a user-friendly tool that helps businesses convert data into visual dashboards to address five common business objectives.

Interactive Guide

Complementing the BI tool, the Interactive Guide offers a useful step-by-step guide on learning how to use data to make better business decisions.