Lim Chong Kin, Co-head, Data Protection, Privacy and Cybersecurity Practice, comments on changes on Personal Data Protection in Singapore
13 Mar 2020
Lim Chong Kin, Co-head, Data Protection, Privacy and Cybersecurity Practice, provided his views and comments on the changes on Personal Data Protection in Singapore in an article, “The Changing Data Game”, published by the Singapore Academy of Law.
The article reviewed the many changes that the Personal Data Protection Commission (PDPC) made in their approach to data protection in Singapore last year.
The year 2019 saw the PDPC pivoting from expecting mere compliance with the Personal Data Protection Act 2012 (PDPA) to promoting a culture of accountability.
We are moving away from a culture of mere compliance towards a more strategic accountability-based approach, stressed Chong Kin.
“There was certainly a sharp uptick in enforcement action by the PDPC in 2019; it issued a total of 57 enforcement decisions, compared to just 29 the year before,” noted Chong Kin.
He advised those looking to gain a better understanding of the PDPC’s expectations with respect to “policies and practices” required under the PDPA’s Accountability Obligation to read the grounds of decision of two cases: Xbot Pte Ltd and Horizon Fast Ferry Pte Ltd. He added that two other cases — involving Genki Sushi and Bud Cosmetics Singapore — are also useful reads. “These new cases provide further insight into the PDPC’s approach in the interpretation of the various Data Protection Obligations under the PDPA,” he explained. “Several cases in this period are distinctive, representing various landmarks and firsts for the PDPC, among them the record $1 million combined fine imposed on SingHealth and IHiS.”
The year 2019 also saw the PDPC actively rolling out initiatives which highlighted the principle of accountability, most significantly, the replacement of the Openness Obligation with the new Accountability Obligation in the PDPA and the issuance of the PDPC’s Guide to Accountability under the PDPA on 15 July 2019.
Chong Kin welcomed this move and is of the view that the focus on accountability would not only help an organisation build and maintain trust with consumers in the short run, but also enhance the organisation’s business competitiveness in the long run. He said, “Accountability in relation to data protection is the key ingredient for organisations looking to succeed in the digital economy,” adding that the shift will necessarily spell new requirements for organisations. “They are now expressly required to be able to demonstrate to the PDPC how they are accountable for the personal data in their care.”
To read the full article, please click here.