Appoint Your Data Protection Officer

We understand that businesses have resource or capability constraints, and hiring a full time Data Protection Officer may not be practical.

Let our partner take on your organization’s DPO operational obligations while you focus on what you do best, to grow the business.

The Personal Data Protection Committee (PDPC) sent the following email to all organizations in Singapore, informing businesses to register their Data Protection Officer via ACRA BizFile.

Personal Data Protection Act 2012

All organisations, including sole proprietorships, are required to designate at least one person, a Data Protection Officer (DPO), to be responsible for ensuring that the organisation complies with the PDPA.

Organisations are also required to ensure that at least one DPO’s business contact information is made available to the public. The business contact information may be a general telephone or email address of the organisation.

The DPO may be a person whose scope of work solely relates to data protection or a person in the organisation who takes on this role as one of his multiple responsibilities.

It has been seen from past enforcement cases that Organizations that failed to appoint a Data Protection Officer have had financial penalties ranging from $5000 to $20,000.

Scope of Work (Annual Basis)

Register named individual in ACRA BizFile+
Develop data protection policies and overall Data Protection Management Programme (DPMP)
Review of corporate website Privacy Policy to ensure PDPA compliant
Be part of group email to answer any Data Protection related queries
Monthly email on latest PDPA breaches and regulations
PDPC E-learning with assessment tracking for employees
Bi-annual company review/risk assessment on business processes and audit
Ongoing data protection support for specific business questions

Our Approach - <DPO-As-A-Service>

Our outsourced DPO solution is tailored to your business needs.

DPO Appointment

  • data protection and PDPA expert is officially registered with ACRA to be your DPO.
  • Our experts are certified in the PDPA’s data protection obligations and value add with cybersecurity expertise
  • The outsourced DPO contact details are published on your organisation’s website and ACRA registry

Organisations are required to designate at least one individual, known as the data protection officer (DPO), to oversee the data protection responsibilities within the organisation and ensure compliance with the PDPA.

Ongoing DPO Duties

  • Bi-annual surprise audit to ensure employees handling personal data adhere to SOPs
  • Data protection expert support for specific business questions
  • Outsourced DPO as contact channel for data privacy queries and complaints from individuals or authorities.
  • Liaise with the PDPC to respond to new regulatory requirements.

PDPA Policies and Procedures

  • Drafting of required data protection policies, agreements and procedures.
  • Review and definition of required data protection policies and procedures.
  • Integration of defined procedures into daily business routine.

Under the Personal Data Protection Act 2012 (PDPA), organisations are required to develop and implement policies and practices that are necessary to meet its obligations under the PDPA.

Data Protection Management Programme (DPMP)

  • Creation of Data Inventory Maps (DIM)
  • Risk assessment and mitigation recommendations from quarterly audit results.
  • Develop organization’s data breach management plan
  • Corporate E-learning with assessment tracking for employees
  • Monthly emailer on latest PDPA breaches and regulations

Review your organisation’s data management framework and processes to align them with the PDPA, for example, determining how, when and where your organisation collects personal data, the purposes for the data collection, and ensuring that consent has been obtained for the collection, use and disclosure of the data. In the unlikely event of a data breach still happening, a systematic data breach management plan will be utilized.