Singapore PDPA: Compliance - The free to use privacy research database

PART IPRELIMINARY

1. - Short title and commencement 2. - Interpretation 3. - Purpose 4. - Application of Act

PART IIPERSONAL DATA PROTECTION COMMISSION AND ADMINISTRATION

5. - Personal Data Protection Commission 6. - Functions of Commission 7. - Advisory committees 8. - Delegation 9. - Conduct of proceedings 10. - Co-operation agreements

PART IIIGENERAL RULES WITH RESPECT TO PROTECTION OF PERSONAL DATA

11. - Compliance with Act 12. - Policies and practices

PART IVCOLLECTION, USE AND DISCLOSURE OF PERSONAL DATA

Division 1 - Consent

13. - Consent required 14. - Provision of consent 15. - Deemed consent 16. - Withdrawal of consent 17. - Collection, use and disclosure without consent

Division 2 - Purpose

18. - Limitation of purpose and extent 19. - Personal data collected before appointed day 20. - Notification of purpose

PART VACCESS TO AND CORRECTION OF PERSONAL DATA

21. - Access to personal data 22. - Correction of personal data

PART VICARE OF PERSONAL DATA

23. - Accuracy of personal data 24. - Protection of personal data 25. - Retention of personal data 26. - Transfer of personal data outside Singapore

PART VIIENFORCEMENT OF PARTS III TO VI

27. - Alternative dispute resolution 28. - Power to review 29. - Power to give directions 30. - Enforcement of directions of Commission in District Court 31. - Reconsideration of directions or decisions 32. - Right of private action

PART VIIIAPPEALS TO DATA PROTECTION APPEAL COMMITTEE, HIGH COURT AND COURT OF APPEAL

33. - Data Protection Appeal Panel and Data Protection Appeal Committees 34. - Appeal from direction or decision of Commission 35. - Appeals to High Court and Court of Appeal

PART IXDO NOT CALL REGISTRY

Division 1 - Preliminary

36. - Interpretation of this Part 37. - Meaning of “specified message”38. - Application of this Part

Division 2 - Administration

39. - Register 40. - Applications 41. - Evidence 42. - Information on terminated Singapore telephone number

Division 3 - Specified message to Singapore telephone number

43. - Duty to check register 44. - Contact information 45. - Calling line identity not to be concealed 46. - Consent 47. - Withdrawal of consent 48. - Defence for employee

FIRST SCHEDULERepealed

SECOND SCHEDULECOLLECTION OF PERSONAL DATA WITHOUT CONSENT

1. - An organisation may collect personal data about an individual without the consent of the individual or from a source other 2. - In this paragraph and paragraph 1(h) —3. - (1) The conditions in this paragraph shall apply if the personal data is collected under paragraph 1(p).4. - For the avoidance of doubt, personal data disclosed before the appointed day in the circumstances and conditions set out in

THIRD SCHEDULEUSE OF PERSONAL DATA WITHOUT CONSENT

1. - An organisation may use personal data about an individual without the consent of the individual in any of the following 2. - Paragraph 1(i) shall not apply unless —3. - For the avoidance of doubt, personal data collected before the appointed day in the circumstances and conditions set out in

FOURTH SCHEDULEDISCLOSURE OF PERSONAL DATA WITHOUT CONSENT

1. - An organisation may disclose personal data about an individual without the consent of the individual in any of the following 2. - In the case of disclosure under paragraph 1(c), the organisation shall, as soon as may be practicable, notify the individual 3. - (1) The conditions in this paragraph shall apply to personal data disclosed under paragraph 1(p).4. - Paragraph 1(q) shall not apply unless —5. - For the avoidance of doubt, personal data collected before the appointed day in the circumstances and conditions set out in

FIFTH SCHEDULEEXCEPTIONS FROM ACCESS REQUIREMENT

1. - An organisation is not required to provide information under section 21(1) in respect of —

SIXTH SCHEDULEEXCEPTIONS FROM CORRECTION REQUIREMENT

1. - Section 22 shall not apply in respect of —

SEVENTH SCHEDULECONSTITUTION AND PROCEEDINGS OF DATA PROTECTION APPEAL PANEL AND DATA PROTECTION APPEAL COMMITTEES

1. - Data Protection Appeal Panel 2. - Chairman of Appeal Panel or temporary Chairman of Appeal Panel 3. - Proceedings of Appeal Committees 4. - Powers of Appeal Committees 5. - Allowances 6. - Validity of act or proceeding

EIGHTH SCHEDULEEXCLUSION FROM MEANING OF “SPECIFIED MESSAGE”

1. - For the purposes of Part IX, a specified message shall not include any of the following:2. - [Deleted by Act 22 of 2016 wef 01/10/2016]

NINTH SCHEDULEPOWERS OF INVESTIGATION OF COMMISSION AND INSPECTORS

1. - Power to require documents or information 2. - Power to enter premises without warrant 3. - Power to enter premises under warrant

(b) compliance with the requirement is a condition imposed by the foreign data protection body for furnishing information in its possession to the Commission pursuant to a co operation agreement.

(1) The Commission may, if it is satisfied that an organisation is not complying with any provision in Parts III to VI, give the organisation such directions as the Commission thinks fit in the circumstances to ensure compliance with that provision.

(2) Without prejudice to the generality of subsection (1), the Commission may, if it thinks fit in the circumstances to ensure compliance with Parts III to VI, give the organisation all or any of the following directions:

(a) to secure compliance with the direction; or

(d) the information included in the specified message in compliance with this subsection is reasonably likely to be valid for at least 30 days after the message is sent.

(iii) the compliance or purported compliance with this Act or any other written law.