ข้ามไปยังเนื้อหาหลัก

Record of Processing Activities (Art. 30 GDPR · PDPA ม.39) → Singapore (PDPA 2012) 🇸🇬

Personal Data Protection Act 2012 · Personal Data Protection Commission (PDPC SG)

From 55,000-185,000 บาท14-45 working days
083-249-4999 Chat on LINE

Singapore (PDPA 2012) is regulated by Personal Data Protection Commission (PDPC SG) under Personal Data Protection Act 2012 — breach notification within 72 hours.

Partner network — Bird & Bird, OneTrust, BSI, DNV — for ISO certification, cross-border SCC, EU representative service.

Singapore (PDPA 2012) legal regime: Personal Data Protection Act 2012 — enforced by Personal Data Protection Commission (PDPC SG) with max fines of SGD 1M or 10% turnover. Mandatory breach notification from 2021 + Do Not Call Registry + DPO appointment mandatory.

Breach notification: 72 hours — 24/7 incident hotline available.

End-to-end: Record of Processing Activities (Art. 30 GDPR · PDPA ม.39) → mapping → control implementation → Personal Data Protection Commission (PDPC SG) registration (where applicable) → ongoing audit.

72-hour breach response SLA — 38 incidents handled in 2024-2025 (ransomware, vendor breach, insider) — every case notified PDPC/DPA/customer within window.

Coverage

Thailand PDPA Compliance Pack (PDPA B.E. 2562)
🇸🇬 Singapore (PDPA 2012)
EU GDPR Compliance Pack (Regulation 2016/679)
🇸🇬 Singapore (PDPA 2012)
CCPA/CPRA Compliance (California Consumer Privacy Act)
🇸🇬 Singapore (PDPA 2012)
DPO Appointment Service (PDPA & GDPR)
🇸🇬 Singapore (PDPA 2012)
DPIA (Data Protection Impact Assessment)
🇸🇬 Singapore (PDPA 2012)
SCCs + BCRs (International Data Transfer)
🇸🇬 Singapore (PDPA 2012)
Breach Response & 72-Hour Notification
🇸🇬 Singapore (PDPA 2012)
Cookie Consent + Consent Management Platform
🇸🇬 Singapore (PDPA 2012)
Data Subject Access Request (DSAR) Handler
🇸🇬 Singapore (PDPA 2012)
Privacy Policy + Terms of Service Drafting
🇸🇬 Singapore (PDPA 2012)
ISO/IEC 27701 PIMS Certification Readiness
🇸🇬 Singapore (PDPA 2012)

How it works

  1. 1

    Map Personal Data Protection Act 2012

    Compliance plan aligned with Personal Data Protection Commission (PDPC SG).

  2. 2

    Prepare Record of Processing Activities (Art. 30 GDPR · PDPA ม.39)

    14-45 working days at 55,000-185,000 บาท.

  3. 3

    Transfer mechanism

    SCC + BCR + TIA + adequacy assessment as required.

  4. 4

    Local representative

    Local DPO or representative per destination law.

  5. 5

    DPA registration

    Notification/filing with Personal Data Protection Commission (PDPC SG) where required.

  6. 6

    Ongoing monitoring

    Quarterly review + annual audit + breach drill + DSAR queue monitoring.

Frequently asked questions

Which law applies in Singapore (PDPA 2012)?

Personal Data Protection Act 2012

Supervisory authority?

Personal Data Protection Commission (PDPC SG)

Maximum fine?

SGD 1M or 10% turnover

Breach window?

Within 72 hours.

Market-specific caution?

Mandatory breach notification from 2021 + Do Not Call Registry + DPO appointment mandatory.

Local representative required?

Depends on scope of processing.

Cross-border transfer requirements?

SCC + TIA + (for CN/RU) data localisation + government security assessment.

Related services

Back to Record of Processing Activities (Art. 30 GDPR · PDPA ม.39) All jurisdictions 🇹🇭 Thailand (PDPA) 🇪🇺 European Union (GDPR) 🇬🇧 United Kingdom (UK GDPR + DPA 2018) 🇺🇸 California (CCPA/CPRA)