Personal Data Protection Act 2012 (PDPA): Primary legislation governing the collection, use, disclosure, and care of personal data in Singapore. Establishes consent obligations, purpose limitation, and notification requirements.
Personal Data Protection Regulations 2021: Subsidiary legislation under PDPA providing detailed requirements for data protection compliance.
Personal Data Protection (Notification of Data Breaches) Regulations 2021: Specific regulations dealing with mandatory data breach notification requirements.
PDPC Advisory Guidelines on Key Concepts: Official guidelines explaining fundamental concepts and interpretation of the PDPA.
PDPC Advisory Guidelines on Consent Obligation: Specific guidelines detailing requirements and best practices for obtaining valid consent.
PDPC Advisory Guidelines on Notification Obligation: Guidelines specifying requirements for notifying individuals about the collection, use, and disclosure of their personal data.
Banking Act and MAS Guidelines: Sector-specific regulations for financial institutions handling personal data in Singapore.
Healthcare Services Act: Sector-specific legislation governing personal data handling in healthcare settings.
Education Act: Sector-specific legislation relevant for educational institutions handling personal data.
General Data Protection Regulation (GDPR): EU regulation relevant if the organization handles data of EU residents, even from Singapore.
APEC Cross-Border Privacy Rules (CBPR): International framework for cross-border data transfers within APEC member economies.
Binding Corporate Rules (BCRs): Framework for multinational companies to transfer personal data internationally within their corporate group.
