Frequently Asked Questions
Answers to Your Data Privacy and User Rights Queries
What does PDPA compliance involve?
PDPA compliance covers the full lifecycle of personal data management: collection with consent, secure storage, appropriate usage, disclosure control, and subject access rights, all in line with Singapore’s regulatory framework.
How can my organization ensure lawful data processing?
Begin with a detailed data mapping exercise, obtain clear consent where required, implement appropriate security measures, and maintain records of processing activities to demonstrate accountability.
What rights do individuals have under Singapore’s privacy laws?
Individuals can request access to their data, ask for corrections, withdraw consent at any time, and be informed of how their data is being processed or shared.
How often should I review my privacy policies?
Policies should be reviewed at least annually or whenever there is a change in business practices or regulations to ensure ongoing alignment with legal requirements.
Can datarights assist with cross-border data transfers?
Yes, our team advises on lawful transfer mechanisms, contractual safeguards, and compliance with local and international transfer requirements.
What steps should I take in the event of a data breach?
Assess the scope of the breach, contain the incident, notify affected individuals and the PDPC as required, and implement corrective measures to prevent recurrence.
How can I submit a data access request under PDPA?
You may submit a request to access your personal data by contacting us via the form on datarights.info or by sending a written request to our office. We will verify your identity and respond within the statutory timeframe set out in the Personal Data Protection Act (PDPA).
What types of personal data do you collect?
We collect only the personal information necessary to provide our advisory services, including contact details, organisation name, and relevant project information. We do not collect sensitive personal data unless strictly required and with explicit consent.
How do you ensure user consent is valid?
We follow a clear consent process where individuals are informed about the purpose of data collection, the types of data collected, and their rights. Consent records are retained securely to demonstrate compliance.
Can I request correction or deletion of my personal data?
Yes. Under the PDPA, you have the right to request correction of inaccurate data or deletion of data that is no longer necessary. Submit your request through our data subject request portal and we will assess and act in accordance with the law.
What measures do you take to protect personal data?
We implement administrative, technical, and physical security measures proportionate to the sensitivity of the data. This includes access controls, encryption at rest and in transit, and regular security reviews.
Do you transfer data outside Singapore?
Cross-border transfers are conducted only with jurisdictions that have comparable data protection standards or with appropriate contractual safeguards as required by PDPA. We will inform data subjects before any transfer.
How long do you retain personal data?
Personal data is retained only for as long as necessary to fulfil the purpose for which it was collected or as required by applicable laws and professional standards. Retention periods are documented in our internal data retention schedule.
What is your policy on third-party service providers?
We engage third-party providers only after conducting due diligence on their data protection practices. Contracts include obligations to process data only as instructed, maintain confidentiality, and implement appropriate security safeguards.
How can I contact your data protection officer?
You may contact our appointed data protection officer by writing to [email protected] or sending a letter to 1 Cluny Road, Singapore 259569. We aim to respond to all enquiries without undue delay.