Drew & Napier’s dedicated Data Protection, Privacy and Cybersecurity Practice has unrivalled experience and offers clients best-in-class solutions to address their legal and compliance needs in Singapore and across the region. Our expertise covers the full range of regulatory, commercial and global aspects of data protection and cybersecurity and, working in tandem with the Drew Data Protection & Cybersecurity Academy, we seek to address our clients’ needs with an integrated and holistic approach.
Deep Industry Knowledge and Capabilities
Our experience in data protection, privacy and cybersecurity predates, and also extends beyond, Singapore's Personal Data Protection Act 2012 (PDPA) and Cybersecurity Act 2018. We have advised numerous clients in many industries on the requirements of general data protection and cybersecurity law, as well as sectoral laws and frameworks, in particular, in the Telecommunications, Media and Technology (TMT), Banking and Finance, and Healthcare and Life Sciences sectors. Several members of our team have also worked in industry in data protection or similar roles and have the necessary “in-house” perspective to translate legal advice into practical, implementable and cost-effective governance and compliance solutions.
Our clients, several of which are household names, include companies operating globally or regionally (such as the world’s leading social networking site, a major platform service provider, telco and Internet service providers, airlines, mobile device manufacturers and software developers) as well as large local companies in various industries (such as banking and finance, technology infrastructure, manufacturing, entertainment, and sports). We have also assisted a number of SMEs, non-profit entities and other organisations to meet their compliance obligations.
Some of the matters we have worked on include the following:
- Development / adaptation of local, regional or global (group-wide) data protection policies, frameworks and compliance programmes;
- Implementation of cross-border data protection requirements including in relation to cloud-based services and cross-border transfers of personal data (into or from Singapore);
- Response to data breaches and cybersecurity incidents, including the reporting and disclosure obligations and remediation requirements to comply with applicable laws and obligations (see below for more information);
- Data protection / cybersecurity audits for compliance with applicable laws and frameworks such as APEC Cross-Border Privacy Rules System (CBPRs), and Singapore’s Data Protection Trust Mark (DPTM);
- Advising on specific data protection issues, such as use of device IDs and cookies in relation to the collection of data, data retention and use for business purposes, legal issues relating to digital certification services, electronic signatures and encryption keys, and assisting on responses to information requests made pursuant to investigations by law enforcement and regulatory authorities (locally and from other jurisdictions).
Knowing that our clients’ needs in this area may stretch into other domains, we have established the Drew Data Protection & Cybersecurity Academy to provide training and assist clients in developing and implementing organisational strategies, structures, policies and processes to meet their obligations as they seek to leverage their data assets and take advantage of (or develop) new technologies and insights into their business.
Accolades
Asian Legal Business Southeast Asia Law Awards
Lim Chong Kin – Southeast Asia Data Privacy and Protection Lawyer of the Year 2024
GDR 100
Listed as one of the world’s top 100 data law firms by Global Data Review for 4 consecutive years
The practice “accurately identifies our needs without much prompting” and is able to “tailor a comprehensive scope of services which met our objectives, timeline and budget”. The client also praises the team’s extensive network, which is “able to connect us with reputable law firms in other countries to assist us on the personal data protection project, so while we communicated with Drew & Napier only, the team smoothly coordinated the project with foreign law firms”.
One client notes Chong Kin’s “impressive” knowledge of personal data protection law and appreciates ability to provide advice on a “regulator’s stance and rationale for the law”.
Another client praises David Alfred for his ability to “quickly analyse complex issues and provide robust analysis on compliance processes”.
“The firm provides a seamless and personalised service that gives you surety that the lawyers in charge are considering your matters after putting down the phone. It doesn’t attempt to bill for every bit of advice, and doesn’t give constant disclaimers to fend off liability, which is a sign of confidence. In urgent situations, its lawyers are prepared to give advice directly, without insisting upon written instructions. The firm has a wide global network which gives easy access to reputable and reliable lawyers in other jurisdictions – it has relationships with these and so isn’t just name dropping.”
“Whether you have a fat or lean legal budget, Chong Kin remains consistent as a true partner and far-sighted adviser. His knowledge of data protection law is impressive but, best of all, he is able to advise about the regulator’s stance and the rationale behind the law. He is also incredibly responsive and gives matters his personal attention.”
Chambers Asia Pacific
TMT 2024 - Band 1 for 17 consecutive years
Leading Individual:
Lim Chong Kin
"Drew & Napier houses a first-class team assisting blue-chip international companies, service providers and regulatory authorities from across the region with the full range of TMT matters."
“Drew & Napier are able to handle complex mandates relating to data protection and cybersecurity, fintech, and technology procurement and regulations; they’re equipped to offer the full breadth of services surrounding the TMT sector.”
"The firm is a relationship builder that focuses on their clients' needs. They have impeccable interpersonal skills and are always willing to go the extra mile."
One client appreciates the fact that the team's advice is "not just based on the law but is also practical."
"The firm is extremely knowledgeable in the areas we have discussed. Everyone we interacted with understands the issues from a commercial point of view."
"It was awesome - they are so fast and very hands-on."
“Areas of strength include telecoms and media regulations, as well as data protection issues.”
The Asia Pacific Legal 500
Data Protection & Cybersecurity 2024 – Tier 2
Leading Individual:
David N. Alfred
Recommended Lawyers:
Lim Chong Kin
Anastasia Su-Anne Chen
‘Lim Chong Kin and his team give realistic and practical advice for our engagement. They are able to provide effective solutions.’
‘Anastasia Su-Anne Chen’s subject matter expertise truly shines through when dealing with novel problems.’
‘David Alfred – critical thinking, solid drafting and excellent legal strategy.’
‘They have deep technical knowledge and understanding of how the privacy regulator in Singapore thinks. They also have technical expertise in-house which is helpful when dealing with data breaches.’
‘Lim Chong Kin always has his eye on the business side of the house and can always be depended upon to provide practical, down-to-earth advice.’
‘Their responsiveness, technical knowledge and practical advice are exceptional.’
‘This is an exceptional team that consistently delivers expert advice and client-centric service. One unique aspect of this team is that it blends legal acumen with deep industry knowledge and technical expertise. Not only do clients have access to data protection partners with a wealth of public sector and regulatory experience, we also can tap the brains of senior cybersecurity and privacy engineers.’
‘David Alfred possesses a deep understanding of the nuances and intricacies of data protection and can be relied on to provide sound advice and practical guidance at each stage of the matter.’
TMT 2024 – Tier 1 (2024, 2009 – 2019); Tier 2 for 4 consecutive years (2020 – 2023)
Hall of Fame:
Lim Chong Kin (5 consecutive years)
Leading Individual:
Lim Chong Kin (9 consecutive years; 2010 - 2019)
Recommended Lawyer:
David Alfred (4 consecutive years)
Rakesh Kirpalani
‘Their exceptional combination of legal prowess and technical acumen has earned them a well-deserved reputation as pioneers in the industry.’
‘Deep subject matter expertise and an ability to quickly obtain informal guidance from regulators on murky issues. Superbly responsive and comprehensive.’
’The team is solid in the Singapore market. Reliable and commercial.’
‘responsive, collaborative and progressive as a firm.’
‘team at Drew & Napier LLC is one such remarkable ensemble, carving a niche for themselves in the field of tech law.’
'Lim Chong Kin is approachable and always willing to provide practical and useful advice.’
‘Rakesh Kirpalani’s unique blend of legal acumen and technological expertise has made him a trailblazer in the niche market of tech law. Few can match the depth of his understanding of both the legal intricacies and the technological aspects of the cases he handles.’
‘provides a truly excellent service in terms of responsiveness, business acumen and practical knowledge’
‘fantastic’ and ‘deserve strong recognition for their client focus’
"excellent legal knowledge and in-depth understanding of the regulator"
Best Lawyers International: Singapore
Privacy and Data Security Law 2025 – David N. Alfred (Endorsed individual)
Who’s Who Legal
Lim Chong Kin
Global Guide: Data – Information Technology 2024 – Recommended Lawyer for 6 consecutive years
Global Guide: Data – Data Privacy & Protection 2024 – Recommended Lawyer for 3 consecutive years
Global Guide: Telecoms & Media 2024 – Recommended Lawyer for 6 consecutive years
National Guide: Southeast Asia – Data 2024 – Recommended Lawyer for 4 consecutive years
asialaw Profiles
“They have experience and expertise, understand the client's needs, are practical, solutions-oriented, timely, and value for money.”
“Incisive regulatory advice.”
“Drew & Napier is very knowledgeable and comes up with practical solutions that comply with the law while balancing the needs of the business.”
“Proactive, responsive, timely and solutions-oriented.”