The Personal Data Protection Act requires organizations in Singapore to obtain customer consent for data collection and implement security measures to protect personal data. Companies face significant penalties for non-compliance, including fines up to SGD 1 million. Organizations are advised to perform strategic changes and assessments to align with the act by the compliance deadline of June 2014.

1. PERSONAL DATA
PROTECTION ACT
OPPORTUNITY FOR INTERNAL ALIGNMENT
EPC Partners Pte Ltd. ©2013

2. A new act
YOUR OBLIGATION
• Consent You organization must seek the
consent of customers before collecting and
storing their data, and inform the customer
about the purpose of the data collection.
• Protection you shall protect personal data in
its possession or under your control by making
reasonable security arrangements to prevent
unauthorized access, collection, use,
disclosure, copying, modification, disposal or
similar risks.
• Data Transfer Outside Sg Restricted You
also have to ensure a comparable standard of
protection for personal data if they’re
transferring it outside Singapore.
• Transitional Arrangements
Your organization has been given 18 months
from implementation in January 2013 to
comply with the rules.
• Marketing Messages Restricted Use of
personal data to contact a person registered
under the “Do Not Call Registry”. Marketing
message should content clearly identify the
sender with contact information.
THE PENALTIES
§ SG$ 1 Million fine
Companies found in violation of the
rules can be fined up to S$1 million
(US$820,000) for every data
protection offense.
§ SG$1,000 for every day
or part thereof during which the
offence continues after conviction.
¡ SG$$100,000
if An organization or person
obstructs the in the performance of
their duties or powers under this Act;
or makes a false statement to the
Commission, or knowingly attempts
to mislead the Commission,
¡ SG$ 10,000
Up to S$10,000 (US$8200) per
customer complaint.
What this new act in Singapore means to your Organization?
EPC Partners Pte Ltd. ©2013

3. Impact on your organization
Many aspects of your business might have to be revisited
Update procedure
Train resources
Update Materials
Update procedure
Train resources
Update Materials
Update procedures
Update systems
Prepare Communication
Strategy to handle claims
Train New Resources
Update data handling procedure
Update HR system
Update procedures
Update systems
Update contracts
Train resources
Update procedures
Update Policies
Update Contracts
Update Policies
EPC Partners Pte Ltd. ©2013

4. A Recommended approach
Perform strategic changes to align every areas of your
organization before the deadline
1. Assessment
status of Personal
Data Protection.
3. Prioritize
necessary
changes with KPI.
6. Train internal
Resources.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 16 17 18
2. Gap Analysis 4. Implementation
of changes.
5. Re-Asssess
Personal Data
Protection
Readiness.
7. Plan for
Personal Data
Protection Audit.
Start (01-2013) End (06-2014)
EPC Partners Pte Ltd. ©2013
“The best time to plant a tree is twenty years ago. The second best time is now” __ Chinese Proverb

5. EPC Partners Pte Ltd. ©2013
¡ Provide Road Map to Compliance
¡ Assessment on Personal Data Protection
¡ Perform Gap Analysis against PDPA
¡ Support Business Case and Change Request
¡ Provide Recommendations for changes & KPI
¡ Confirm your Personal Data Lifecycle
¡ Confirm your Data Security Lifecycle
¡ Design Self-Assessment for PDP
About Our Organization
Support and lead your change initiatives

6. 6
Your Success is
Our Reward
EPC Partners Pte Ltd. ©2013
EPC Partners Pte Ltd.
Singapore
+65 8622 0345
www.epc-partners.net