SINGAPORE – Importance Of Data Protection Officers

Managing data, in particular personal data, is of utmost importance. Organisations should adopt a prudent strategy, take proactive approach in fostering a data protection culture with the organisation, and you will build trust and goodwill with your customers.

To help organisations better manage personal data, organisations in Singapore are required under the Personal Data Protection Act 2012 (PDPA) to designate at least one individual as the organisation’s Data Protection Officer (DPO) to be responsible for the organisation’s compliance with the PDPA and to answer questions relating to their data protection policies and practices.

The DPO may be an existing employee in the organisation who takes on this role as one of his multiple responsibilities. The DPO’s role may include the following:

  • Developing good policies for handling personal data in electronic and/or manual form, that suit your organisation’s needs and comply with the PDPA;
  • Turning personal data protection into a competitive advantage and is also champion of trust in the wider data ecosystem;
  • Communicating the internal personal data protection policies and processes to customers, members and employees;
  • Handling queries or complaints about personal data from customers, members and employees;
  • Alerting your organisation to any risks that might arise with personal data; and
  • Liaising with the PDPC (Personal Data Protection Commission) Singapore, if necessary.

Please note compliance by the organisation with the PDPA remains the responsibility of the organisation notwithstanding appointment of the DPO.