Comparing privacy laws: GDPR v. Singapore PDPA
Comparing Privacy Laws: GDPR v. Singapore PDPA
OneTrust DataGuidance is pleased to announce the release of the GDPR v. Singapore PDPA Report, which compares data protection requirements and recommendations under the GDPR and Singapore's Personal Data Protection Act ('PDPA').
Watch Now: Examining Japan's APPI Amendments v. the GDPR and PDPA Webinar
The Report has been produced in collaboration with Rajah & Tann and examines obligations under the Singapore PDPA, as well as the relevant guidance issued by the Personal Data Protection Commission ('PDPC'). The scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities contained in the PDPA and relevant guidance are detailed and compared with the requirements laid out under the GDPR. While the PDPA currently remains silent with regard to certain obligations and data breach notification requirements, the PDPC's guidance outlines a number of recommendations and best practices that share similarities with the GDPR.
Key takeaways:
- The GDPR applies to both private and public bodies, whereas the PDPA excludes public agencies and organizations acting on behalf of public agencies from its scope
- Similar concepts of 'data controller' and 'data processor' present in both laws
- Data subject rights provided for under both the GDPR and PDPA, however, the PDPA does not currently provide data subjects with the right to erasure or data portability
- Both laws provide supervisory authorities with wide-ranging powers and outline significant monetary penalties
- Breach notification requirements expected to be added to the PDPA in short to medium term