4 Things Singapore Marketers Should Know About PDPA 

    Singapore Marketers Should Know About PDPA 
    Singapore Marketers Should Know About PDPA

    When you run a business, it is important to know the important factors and aspects that need to be considered with respect to the country your business is based in. So, similarly, it is important for marketers in Singapore to know about certain regulations. 

    One of such regulations is the PDPA (Personal Data Protection Act). It was in 2012 before the EU’s GDPR (General Data Protection Regulation) came into the picture on the legal state when Singapore adopted the PDPA. 

    However, it was in 2014 on the 4th of July when the act came into full force in order to govern the usage, collection, disclosure, and care of personal data. The PDPA also regulated telemarketing practices. 

    PDPA faced criticism as it fell short of GDPR’s hard-line approach to personal data protection and privacy. The criticism was mainly due to their exemption clauses and as it did not have any special categories for sensitive data related to race, ethnicity, etc. 

    In 2020, the PDPA was amended with new clauses and changes to their consent framework. As the PDPA deals with things like data breaches it becomes important for Singapore marketers to have basic knowledge about the PDPA. 

    Below are a few basic things that a marketer in Singapore should be aware of about PDPA. Let’s begin. 


    The PDPA has a set of regulations that need to be followed by all the marketers. Any breach in any of the regulations will lead to a penalty depending on the violation. If one fails to stick to the given amendments then it is considered as a non-compliance and is subjected to penalties. 

    • If any organization is involved in tampering with personal data and hiding the collection or use of the same, they will have to face a fine of a maximum of S$50,000. 
    • In case there is any hindrance with any ongoing PDPA investigation, then there is a fine of S$100,000.
    • A company shall be responsible for its employees’ actions whether or not the company is aware of the same. 
    • The maximum penalty is in the case of a health data breach and that is S$1,000,000.
    • There is a fine of $10,000 for DNC violations.
    • If there are major PDPA violations then that can cause major damage to an organization’s reputation as well. 

    Third Parties 

    Third parties play a vital role in B2B marketers in agencies. The B2B marketers are nothing but data intermediaries so it is important for them to pay attention to the aspects of PDPA that involve retention and safeguarding of personal data. 

    Third parties need consent from individuals for the disclosure of their personal data to other organizations. However, to do so it is important to have proof about the same. Any written or verbal proof works but it is best recommended to have a contractual undertaking. 

    Individual Rights 

    Individual Rights are the only way to withdraw the consent. But withdrawal has some serious consequences too. This extra protection has some risk with it, but it is the final call a Singaporean would have. The consequences can be faced by both parties as well as organizations.

    The main factor is you cannot request a withdrawal if the law requires disclosure or usage of the information or if it is required for business or legal purposes. There are only a few limited rights for individuals when it comes to changes or accessing any information. 

    An individual can request access to the data or information that an organization holds regarding its use or any other thing but it is only subjected to a few exceptions. As individuals can request access and changes or corrections to their personal information, given that there are reasonable grounds, an organization can decide whether or not to apply them. 

    Data Transfers

    For any cross-border data transfer, an organization shall perform the transfer of personal data only under the supervision of PDPA with prior permission to do so. When any cross-border data transfer takes place it is the organization’s responsibility to make sure that the country to which the data has been transferred practices comparable to standards set by PDPA. 

    Cross-border data transfers are also permitted if the organization has consent from the individual to do so. Also in case the data transfers are necessary and are prescribed for reasonable grounds. 


    These were a few basic things that a marketer in Singapore must be aware of about PDPA. One can seek help from platforms like Sleek for any help related to business in Singapore. It is important to follow certain regulations and talking about personal data, it is one of the main concerns.