All Countries
Data Privacy
DPA Addendum

DPA Addendum Generator for Singapore

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your DPA Addendum

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

DPA Addendum

"I need a DPA Addendum under Singapore law for my software company that processes customer data across APAC, with specific focus on healthcare data security requirements and cross-border transfers to Australia, to be effective from March 2025."

Celebrated by
Collaborations with
Investors
Document background
The DPA Addendum is essential when one party processes personal data on behalf of another under Singapore jurisdiction. It should be implemented whenever there's a controller-processor relationship involving personal data processing activities. The document ensures compliance with Singapore's PDPA and related regulations, addressing key aspects such as data security, breach notification, cross-border transfers, and sub-processor management. This addendum is particularly crucial given Singapore's strict data protection regime and its position as a major business hub in Asia.
Suggested Sections

1. Parties: Identification of data controller and data processor, including full legal names and registration details

2. Background: Context of the data processing relationship and reference to main agreement

3. Definitions: Key terms used throughout the DPA including Personal Data, Processing, Data Subject, Controller, Processor, etc.

4. Scope of Processing: Details of permitted data processing activities, purposes, and types of personal data

5. Data Protection Obligations: Core obligations regarding data security, privacy, and compliance with PDPA requirements

6. Security Measures: Required technical and organizational measures to ensure data protection

7. Breach Notification: Procedures and timelines for handling and reporting data breaches

8. Term and Termination: Duration of the DPA and conditions for termination

9. Governing Law: Specification of Singapore law as governing law and jurisdiction

Optional Sections

1. Cross-Border Transfers: Requirements and safeguards for international data transfers under PDPA

2. Industry-Specific Requirements: Additional obligations for regulated sectors such as healthcare or financial services

3. Data Protection Impact Assessment: Requirements and procedures for conducting DPIAs for high-risk processing

4. Audit Rights: Provisions for conducting audits and inspections of data processing activities

5. Data Subject Rights: Procedures for handling data subject requests and rights under PDPA

Suggested Schedules

1. Schedule 1: Processing Details: Detailed description of processing activities, categories of data subjects and personal data, processing purposes

2. Schedule 2: Security Measures: Comprehensive list of technical and organizational security measures implemented

3. Schedule 3: Approved Sub-processors: List of authorized sub-processors, their roles, and locations

4. Schedule 4: Transfer Mechanisms: Details of cross-border transfer safeguards and mechanisms used

5. Schedule 5: Data Breach Response Plan: Detailed procedures and contact information for data breach response

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Clauses
Scope of Processing
Data Protection Compliance
Security Requirements
Sub-processing
Confidentiality
Data Subject Rights
Data Breach Notification
Audit Rights
Cross-border Transfers
Data Retention and Deletion
Liability and Indemnification
Term and Termination
Return or Destruction of Data
Cooperation and Assistance
Technical and Organizational Measures
Records of Processing
Data Protection Impact Assessments
Governing Law and Jurisdiction
Severability
Assignment
Force Majeure
Notice Requirements
Entire Agreement
Amendment and Variation
Industries

PDPA 2012: Singapore's Personal Data Protection Act 2012 - Primary legislation governing personal data protection in Singapore

PDPA Regulations 2021: Updated regulations implementing the PDPA, including mandatory data breach notification requirements

PDPA Advisory Guidelines: Practical guidance issued by PDPC on the interpretation and implementation of the PDPA

Healthcare Services Act: Sector-specific regulation governing handling of healthcare data in Singapore

MAS Guidelines on Outsourcing: Financial sector guidelines issued by Monetary Authority of Singapore for data handling in outsourcing arrangements

Telecommunications Act: Sector-specific regulation governing telecom data handling in Singapore

PDPA Cross Border Transfer Requirements: Specific requirements under PDPA for transferring personal data outside of Singapore

ASEAN Framework: ASEAN Framework on Personal Data Protection providing regional data protection principles

Cybersecurity Act 2018: Singapore legislation establishing cybersecurity requirements and critical infrastructure protection

Computer Misuse Act: Singapore legislation addressing computer crimes and unauthorized access to data

Electronic Transactions Act: Singapore legislation governing electronic transactions and digital signatures

GDPR Considerations: EU General Data Protection Regulation requirements if processing EU resident data

APEC CBPR: APEC Cross-Border Privacy Rules System for consistent data protection across APEC economies

ISO/IEC 27001: International standard for information security management systems

Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

DPA Addendum

find out more

Data Sharing Agreement Controller To Processor

find out more

Processor To Processor DPA

find out more

Data Management Agreement

find out more

Data Controller To Data Controller Agreement

find out more

Controller To Controller DPA

find out more

Third Party Data Processing Agreement

find out more

Data Transfer Addendum

find out more

Personal Data Transfer Agreement

find out more

Controller Processor Agreement

find out more

Order Processing Agreement

find out more

Data Protection Agreement For Employees

find out more

Affiliate Addendum

find out more

International Data Transfer Agreement

find out more

Data Protection Addendum

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.