Singapore: PDPC fines MDIS Corporation SGD 10,000 for failing to put in place reasonable security arrangements
The Personal Data Protection Commission ('PDPC') announced, on 3 August 2020, that it had fined the Management Development Institute of Singapore ('MDIS') Corporation Pte Ltd SGD 10,000 (approx. €6,190) for failing to put in place reasonable security arrangements to protect the personal data of individuals who had provided their information to MDIS Corporation for registration purposes. In particular, the PDPC highlighted that MDIS Corporation had breached Section 24 of the Personal Data Protection Act 2012 (No. 26 of 2012) ('PDPA') by failing to communicate any data protection requirements to its vendor or developer and to detect vulnerabilities prior to the launch of the website. Furthermore, the PDPC noted that while an organisation may delegate work to vendors in order to comply with the PDPA, an organisation's responsibility to comply with its obligations under the PDPA may not be delegated.
You can read the decision here.