In the proposed changes to the Personal Data Protection Act (PDPA), organisations will be penalised more heavily for data breaches. At the same time, organisations will have more freedom to use personal data to innovate. These changes were passed in Parliament on Monday, 2nd November 2020.
A key change to the PDPA is the maximum amount that a company can be fined for a data breach. Currently, the maximum fine for a data breach is SGD$1 million. After the proposed changes, the maximum amount that a company can be fined is 10 per cent of its annual turnover in Singapore or SGD$1 million, whichever is higher.
Another key change requires organisations to inform both the Personal Data Protection Commission (PDPC) and the affected individuals of data breaches that will result in or is likely to result in significant harm. This will allow both the PDPC and the affected individuals to protect their personal data. These actions may include changing their passwords or credit card numbers.
Do note that there are consequences for breaching the PDPA.
When in doubt, seek legal advice or consult an experienced ACRA Filing Agent.
The editorial team at Singapore Secretary Services
For more useful articles and videos, visit the Singapore Secretary Services resource page.