DWF logo


DWF logo

            Key changes in 2019 for personal data protection compliance

            Glen Chee Director at DWF Compliance highlights the key changes in 2019 in relation to the protection of personal data.

            Date: 12/02/2019

            Handling of NRIC Collection

            The Personal Data Protection Commission (“Commission”) has issued guidelines providing more comprehensive advice on the collection, use and disclosure of National Registration Identification Card or "NRIC" numbers and include stricter controls over their usage. In addition, other national identification numbers (e.g. birth certificate numbers, foreign identification numbers and work permit numbers) and passport numbers will also be accorded the same treatment as NRIC numbers under the Guidelines. An organisation is generally prohibited from collecting, using or disclosing an individual's NRIC number or a copy of the NRIC unless required by law.

            The Commission will enforce the Guidelines from 1 September 2019. Organisations will have to take immediate steps to review its practices and make changes which are necessary to ensure that any existing or proposed collection or use of the NRIC is either permitted under the law or is otherwise justified.

            Mandatory data breach notification

            Another key proposal is the adoption of a data breach notification framework in Singapore. The organization must apply the risk of impact or harm test to the affected individuals when making a decision with regards to notifying the affected individuals and notifying the Commission.

            Relaxation of the Consent Principle: Consent not required where individual has been notified of purpose.

            General requirement for deemed/express consent to collect, use and disclose personal data will be relaxed if notifying the individuals of the purpose of data handling can be an appropriate basis for an organisation to collect, use and disclose personal data - i.e. consent is not required - if the collection, use or disclosure of personal data is not expected to have any adverse impact on the individuals.

            Data Protection Trust Mark

            The Commission Has announced that the PDPA will launch a Data Protection Trust Mark Certification scheme in 2019. A "DP Trustmark" will be a visible indicator that a business adopts sound practices and keeps its processes updated regularly.

            How we can help

            We help our clients to review, update their practices, policies and processes to include the proposed PDPA changes.

            We offer a full suite of PDPA compliance services to help organisations comply with PDPA requirements, including training and assessments.

            Please do not hesitate to contact us if you require any assistance.

            We use cookies to give you the best user experience on our website. Please let us know if you accept our use of cookies.

            Manage cookies

            Your Privacy

            When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. We mainly use this information to ensure the site works as you expect it to, and to learn how we can improve the experience in the future. The information does not usually directly identify you, but it can give you a more personalised web experience.
            Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change permissions. However, blocking some types of cookies may prevent certain site functionality from working as expected

            Functional cookies


            These cookies let you use the website and are required for the website to function as expected.

            These cookies are required

            Tracking cookies

            Anonymous cookies that help us understand the performance of our website and how we can improve the website experience for our users. Some of these may be set by third parties we trust, such as Google Analytics.

            They may also be used to personalise your experience on our website by remembering your preferences and settings.

            Marketing cookies

            These cookies are used to improve and personalise your experience with our brands. We may use these cookies to show adverts for our products, or measure the performance of our adverts.