PDPA 2012: Singapore's Personal Data Protection Act 2012 - Primary legislation governing data protection, setting out nine main obligations for handling personal data
PDP Regulations 2021: SecoNDAry legislation providing detailed requirements for implementing PDPA obligations
PDPC Advisory Guidelines: Guidelines on Key Concepts in the PDPA providing practical guidance on interpreting the PDPA
Private Sector Guidelines: PDPC's Guidelines specifically focused on personal data protection requirements for private sector organizations
Notification Obligation: Legal requirement to inform individuals of the purpose for collecting, using, and disclosing their personal data, including overseas transfers
Consent Obligation: Requirement to obtain valid consent before collecting, using, or disclosing personal data, with applicable exceptions
Purpose Limitation: Obligation to only collect, use or disclose personal data for reasonable purposes, with all intended purposes specified
Access and Correction Rights: Requirement to inform individuals of their rights to access and correct their personal data
Protection Obligation: Requirement to implement and outline security measures to protect personal data
Retention Limitation: Obligation to specify duration of data retention and ensure data is not kept longer than necessary
Transfer Limitation: Requirements for overseas data transfers, ensuring comparable protection standards in recipient countries
