Personal Data Protection Act 2012 (PDPA): Primary legislation governing the collection, use, disclosure, and protection of personal data in Singapore. Includes requirements for consent, purpose limitation, data protection, and cross-border data transfer requirements.
Cybersecurity Act 2018: Legislation focusing on protection of critical information infrastructure, setting standards for cybersecurity protection and incident reporting requirements.
Computer Misuse Act: Addresses unauthorized access and modification of data, providing framework for security provisions in data exchange agreements.
Electronic Transactions Act: Governs electronic records and signatures, establishing validity of electronic data transfers and digital communications.
Singapore Contract Law (Contract Act): Fundamental legislation governing contract formation and enforcement principles, including consideration, capacity, and other contractual elements.
Industry-specific regulations: Sector-specific regulations that may apply depending on the nature of data being exchanged (e.g., healthcare, financial services).
International data protection laws: Consideration of international data protection regulations for cross-border transfers, such as GDPR for EU-related data.
Singapore Guidelines on Data Protection by Design and by Default: Guidelines providing framework for incorporating data protection considerations into the design and implementation of data handling systems and processes.
MAS Guidelines: Monetary Authority of Singapore guidelines applicable when handling financial data or working with financial institutions.
ASEAN Framework on Personal Data Protection: Regional framework providing principles for personal data protection within ASEAN member states, relevant for regional data exchanges.
