The PDPA (Personal Data Protection Act) is a Singapore law that regulates the collection, use and disclosure of personal data. It sets out the obligations of organisations that collect, use or disclose personal data, including:
Obtain consent from the data subject before collecting any personal data.
Inform the data subject of the purpose of collecting, processing, and disclosing the personal data.
Ensure that the personal data is accurate, complete, and up-to-date.
Ensure that the personal data is stored securely and is not disclosed to any unauthorized third parties.
Provide the data subject with access to their personal data and allow them to make corrections if necessary.
Allow the data subject to withdraw their consent for the use of their personal data at any time.
Delete or destroy the personal data when it is no longer needed.
Comply with the data protection laws and regulations.
Notify the data subject of any data breaches.
Provide the data subject with a copy of their personal data upon request.