In the proposed changes to the Personal Data Protection Act (PDPA), organisations will be penalised more heavily for data breaches. At the same time, organisations will have more freedom to use personal data to innovate. These changes were passed in Parliament on Monday, 2nd November 2020.

A key change to the PDPA is the maximum amount that a company can be fined for a data breach. Currently, the maximum fine for a data breach is SGD$1 million. After the proposed changes, the maximum amount that a company can be fined is 10 per cent of its annual turnover in Singapore or SGD$1 million, whichever is higher.

Another key change requires organisations to inform both the Personal Data Protection Commission (PDPC) and the affected individuals of data breaches that will result in or is likely to result in significant harm. This will allow both the PDPC and the affected individuals to protect their personal data. These actions may include changing their passwords or credit card numbers.


If you are a company owner or director and require assistance with adhering to the PDPA, you can contact us at [email protected] or [email protected].

Do note that there are consequences for breaching the PDPA.


When in doubt, seek legal advice or consult an experienced ACRA Filing Agent.

Yours Sincerely,
The editorial team at Singapore Secretary Services

For more useful articles and videos, visit the Singapore Secretary Services resource page.


Related articles:

Registering your company’s Data Protection Officer information with ACRA via BizFile+

What is a Data Protection Officer?

Important compliance requirements for Singapore companies

Responsibilities and duties of a director

The importance of complying with the Constitution and the Companies Act