What is the PDPA of 2012?
The Personal Data Protection Act of 2012 (PDPA) is a law designed to regulate and enforce the proper collection, use, disclosure, and care of the personal data of citizens in the Republic of Singapore. The Personal Data Protection Commission (PDPC) is charged with establishing policies and reviewing organizational actions related to personal data protection rules. It also issues directions for compliance, where necessary, and imposes fines and other actions for noncompliance.
Who must comply with the PDPA?
Any business entity or organization that collects, uses, or discloses personal data falls under this law. It was designed to recognize both the right of individuals to protect their personal data and the need of organizations to collect, use, or disclose personal data for purposes that a reasonable person would consider appropriate in a given circumstance.
How does an organization comply with the data protection law?
Organizations are obligated to protect personal data in their possession or under their control by putting reasonable security measures in place to prevent unauthorized access, collection, use, disclosure, copying, modification of data, or similar risks.
Noncompliance can result in the PDPC ordering an organization to stop any business activities which use personal data and in issuing fines of $10,000 per offense.
The PDPC divides protection measures into three categories: administrative, physical, and technical. A managed file transfer system, like GoAnywhere MFT, can address the technical measures required to protect personal data by:
- Controlling access to files and personal information
- Encrypting personal data
- Establishing the correct security settings when sending and/or receiving highly confidential emails
- Ensuring that IT service providers can provide the requisite standard of IT security
- And more
Learn about how managed file transfer can offer organizations the technical security measures needed to comply with the PDPA.