Data Protection & Privacy

Drew & Napier’s work in data protection precedes the advent of the Personal Data Protection Act 2012 (No. 26 of 2012) (“PDPA”). Our expertise extends beyond general data protection law to sectoral frameworks, in particular, in the Telecommunications, Media and Technology (“TMT”), financial, and healthcare sectors.
We have been at the forefront of the development of data protection laws in Singapore, given our extensive experience assisting the Personal Data Protection Commission (“PDPC”) in setting up the implementing data protection laws in Singapore. We continue to represent the PDPC (and its parent statutory board, the Info-communications Media Development Authority (“IMDA”)) in advisory, enforcement and policy work.
Since 2013, we have acted for the PDPC as its external legal counsel and regulatory advisors, and have worked on many of the most significant developments in the Singapore data protection scene. These include assisting the PDPC to formulate implementing regulations and guidelines under the PDPA, and developing the enforcement framework under the PDPA. Furthermore, a number of the team’s lawyers have previously been seconded to the PDPC. As such, we have developed an unparalleled understanding and appreciation of the PDPC’s regulatory frameworks and policy thinking.
Over the last decade, Drew & Napier has been one of the leading practices in this field, having worked on a number of important matters, including: 

  1. assisting the PDPC to administer Singapore’s personal data protection law, from the earliest days of formulating its implementing frameworks, to routinely advising the PDPC in enforcement matters and new policy initiatives; 

  2. providing wide-ranging advice on the Singapore data protection regime, including in respect of novel and challenging legal issues; and 

  3. advising on ad hoc queries relating to potential or actual privacy breaches and the necessary disclosure requirements and remedial actions in Singapore.

In addition, Drew & Napier also acts for a wide range of clients on a variety of data protection matters. These data protection matters run the full gamut, including the implementation of group-wide data protection compliance programmes, the localisation of global data privacy policies, data protection training programmes, advising companies on dealing with data breaches, conducting regulatory risk audits, and addressing ad hoc queries.
Our clients, which include several household names, include MNC telcos and Internet companies (ranging from the world’s leading social networking site to mobile device manufacturers to software developers) as well as local clients across industries (including airlines, manufacturing, entertainment, and fast-moving consumer goods).

Practice Areas/Capabilities

  • Adapting global policies for data privacy and consumer protection for clients’ Singapore operations and offices; 
  • Advising on ad hoc queries relating to potential or actual privacy breaches and the necessary disclosure requirements and remedial actions in Singapore; 
  • Advising on data protection concerns relating to the introduction of novel telecommunication services in the Singapore market; 
  • Advising on key issues, queries and requests on personal data protection, such as data retention and systems migration projects, access requests, and assisting on responses to information requests made pursuant to investigations; 
  • Advising on legal issues arising from the provision of cybersecurity services and related activities; 
  • Advising on legal issues relating to digital certification services, electronic signatures and encryption keys. 


Chambers Asia Pacific
TMT 2019 - Band 1 for 12 consecutive years

Leading Individual:
Lim Chong Kin

“Areas of strength include telecoms and media regulations, as well as data protection issues.”
Who’s Who Legal
Leading Lawyer:
Data - (IT, Telecoms & Media) 2018 - Lim Chong Kin

Get in touch