PDPA 2012: Singapore's Personal Data Protection Act - primary legislation governing the collection, use, disclosure and care of personal data
PDPA Regulations 2021: Updated regulations supplementing the main PDPA, providing detailed requirements for data protection
Spam Control Act 2007: Legislation controlling unsolicited commercial messages and protecting user privacy in electronic communications
Computer Misuse Act: Law addressing cybercrime and unauthorized access to computer material, relevant for data security provisions
Cybersecurity Act 2018: Framework for protection of critical information infrastructure and cybersecurity incident reporting
Electronic Transactions Act: Legal framework for electronic transactions and digital signatures, relevant for online consent mechanisms
Consent Obligations: PDPA requirement to obtain valid consent before collecting, using, or disclosing personal data
Purpose Limitation: Legal requirement to collect, use or disclose personal data only for purposes that a reasonable person would consider appropriate
Notification Obligations: Requirement to inform individuals of the purpose for collecting, using, and disclosing their personal data
Access and Correction Rights: Individual rights to request access to and correction of their personal data held by organizations
Protection Obligations: Requirements to make reasonable security arrangements to protect personal data from unauthorized access and similar risks
Retention Limitation: Obligation to cease retention of personal data when no longer necessary for legal or business purposes
Transfer Limitation: Restrictions on transferring personal data outside of Singapore without ensuring comparable protection standards
Accuracy Obligation: Requirement to make reasonable effort to ensure that personal data collected is accurate and complete
Data Protection Impact Assessments: Guidelines for assessing and mitigating risks associated with processing personal data
