PDPA 2012: Singapore's primary data protection legislation that governs the collection, use, disclosure, and care of personal data, establishing core obligations for Notification, Purpose, and Consent
PDPC Advisory Guidelines: Supplementary guidelines providing detailed interpretation of PDPA requirements, including key concepts, protection obligations, notification requirements, and consent obligations
Spam Control Act: Legislation relevant for consent requirements related to marketing communications and messages
Healthcare Services Act: Specific regulations for healthcare data protection and consent requirements, applicable when handling medical information
Private Hospitals and Medical Clinics Act: Additional healthcare-specific regulations governing medical data protection and patient consent
Banking Act: Contains banking secrecy provisions relevant when handling financial personal data
Organization Identification Requirement: mandatory requirement to clearly identify the organization collecting personal data in the consent form
Purpose Specification Requirement: Obligation to clearly state specific purposes for which personal data is being collected
Data Type Specification: Requirement to list all types of personal data being collected
Data Usage and Storage Declaration: Obligation to explain how personal data will be used and stored
Third-party Disclosure Requirements: Requirement to specify any third-party disclosures of personal data
Data Subject Rights: Obligation to inform individuals of their rights under PDPA regarding their personal data
Consent Withdrawal Procedures: Requirement to specify procedures for withdrawing consent
Contact Information Requirement: Obligation to provide contact information for data protection queries
Cross-border Transfer Notice: Requirement to include details about any international transfers of personal data
