Applying to all organizations that collect, use and disclose data in Singapore, the Singapore Personal Data Protection Act (PDPA) was recently amended. The Personal Data Protection Commission (PDPC) issued a statement on March 1, which confirmed its intent to introduce a mandatory breach notification regime. The notification mandate would require organizations to notify both affected individuals and the PDPC when a data breach risks harm to individuals involved in the breach, as well as notify the PDPC regardless of potential impact when there is a significant (more than 500 individuals) data breach.
Read more