Transfer of personal data outside Singapore

(1) An organisation shall not transfer any personal data to a country or territory outside Singapore except in accordance with requirements prescribed under this Act to ensure that organisations provide a standard of protection to personal data so transferred that is comparable to the protection under this Act.
(2) The Commission may, on the application of any organisation, by notice in writing exempt the organisation from any requirement prescribed pursuant to subsection (1) in respect of any transfer of personal data by that organisation.
(3) An exemption under subsection (2) —
(a) may be granted subject to such conditions as the Commission may specify in writing; and
(b) need not be published in the Gazette and may be revoked at any time by the Commission.
(4) The Commission may at any time add to, vary or revoke any condition imposed under this section.