The Singapore Personal Data Protection Commission has issued guidance on privacy disclosures:

  • Highlight information that may be of particular concern to individuals, such as purposes of use or situations where personal data will be disclosed.
  • Use headings, titles and sections especially when the notification is expected to convey a lot of information.
  • Use a layered

“Organisations in Singapore are now expected to take no more than 30 days to complete an investigation into a suspected data security breach and notify the authorities of the incident 72 hours after completing their assessment. These are part of new guidelines to help companies manage data breaches more effectively and are expected to be

The “Data Protection Trustmark Certification” (DPTM), promulgated by the Singapore Infocomm Media Development Authority (IMDA) is a voluntary enterprise-wide certification for organizations to demonstrate sound and accountable data protection practices.

DPTM assessment can only be conducted by an IMDA appointed panel of assessment bodies. The certification will be valid for three years and will need