In Singapore, the Personal Data Protection Act (PDPA) regulates the collection, use, disclosure, and protection of personal data. In A Practical Guide to Singapore Data Protection Law, Winnie Chang provides an excellent introduction to Singapore’s data protection statute and the regulatory framework surrounding it.
First up, Chang introduces you to the PDPA and explains its legislative history. The introduction also outlines how the PDPA affects other laws and who the agencies are that are responsible for enforcing it. Next, the book outlines the PDPA’s key data protection principles, which include the consent principle, the accuracy principle and the open principle.
A significant portion of the text is dedicated to describing how the PDPA governs the collection, use and disclosure of personal data. The entire book has tons of “practical tips”, but the collection, use and disclosure portion of the book has some very specific suggestions to help with both compliance and transparency.
Chang then zeroes in on enforcement and penalties. In this chapter, she explains the powers and functions of the Personal Data Protection Commission (PDPC), which is charged with the administration and enforcement of the PDPA. One of the nuances of Singapore’s data protection regulatory scheme is that the PDPA overlaps with sector-specific legislation quite a bit. Chang points out this statutory quirk and describes how the PDPC is charged to work closely with sector regulators in carrying out its enforcement activities. The book also includes a list and brief summary of many of Singapore’s sector-specific data protection laws.
Finally, Chang provides a compliance checklist for organizations to help them comply with the PDPA. The checklist is “big picture” but should be helpful in assisting organizational decision-makers framing the way they approach compliance with the PDPA. The book also includes several appendices and one, Appendix 3, includes the entire text of the PDPA.
This book is concise, practical and easy-to-read. It includes all the essential information for anyone who needs to understand data protection law in Singapore. The book is not a treatise; its practical approach is helpful in keeping the reader focused on compliance, which makes sense because, in the end, compliance is probably the principle reason anyone would be interested in reading it in the first place. The practical tips throughout are well-placed and helpful in understanding the text, the PDPA and Singapore’s approach to data protection.