The Personal Data Protection Act 2012 (PDPA) is in full effect as of today, after an 18 month transition period for companies to prepare for compliance.
Organisations will now have to comply with rules in the Data Protection provisions of the PDPA, along with the Do Not Call provisions implemented on 2 January 2014.
Those who do not comply may be fined.
From 2 July 2014, organisations will have to notify individuals why their personal data is being collected, used or disclosed, and obtain their consent to do so.
However, they can continue to use personal data collected before today without obtaining fresh consent, unless the individual has asked the organisation to stop doing so.
Reasonable security arrangements must also be made to prevent any unauthorised activity to the personal data. In addition, individuals will now have the right to access and correct their personal data.
Leong Keng Thai, Chairman of the Personal Data Protection Commission (PDPC) said, “With increasingly more data being generated and shared, the PDPA is necessary in order to strengthen Singapore’s position as a trusted global data hub.”
In January 2014, PDPC released proposed advisory guidelines on the PDPA to scenarios faced in the real estate agency sector, and sought feedback on them.