Inside the Content
- What is data privacy?
- What are some data privacy examples?
- Stay compliant with data privacy laws with our help
Why is data privacy ever so important?
The increase of Internet usage over the years has highlighted the significance of data privacy, which is often regarded as a basic human right.
Businesses that fail to adhere to data privacy rules can be severely penalised.
What is data privacy?
Take this example: if a customer shares their name, address, and number with you, your company will need to store that data safely and ensure it doesn’t get into the wrong hands.
Simply put, data privacy is the act of protecting personal data from others who shouldn’t have access. It also involves our capability to decide who can access private information.
What are some data privacy laws in Singapore?
Countries worldwide have enacted strict data privacy laws because of its importance.
Singapore has its own Personal Data Protection Act (PDPA), and this Act had some amendments made to it last year that companies should note.
Related Read: PDPA Singapore
What are some data privacy examples?
If you’ve been strictly adhering to Singapore’s data privacy laws so far, here’s how you can continue to remain compliant in 2022 by taking these changes into account.
We haven’t listed all of them, but here are the main ones:
Allow customers to port out their data
Losing customers to another organisation is not something you would want, but ultimately, your customer has the right to take their business elsewhere.
Per the 2020 amendment to the PDPA, consumers can now request a copy of their personal data in a commonly used machine-readable format to be transferred to another organisation (read: business).
As a business owner, you need to ensure that this is something you can do for your customers to give them control over their own personal information.
You can go about this in several ways, such as having a dedicated inbox or link on your company site that can ensure smooth and hassle-free data portability.
Related Read: How to Protect Your Data Online: 5 Safety Tips for SMEs
Notify the relevant parties if there’s a data breach
Another key amendment made to the Act is the mandatory breach notification.
Under this requirement, businesses must notify the Singapore Personal Data Privacy Commissioner (“PDPC”) and individuals affected if there has been a breach.
But you’ll only need to make this notification if you fulfil either condition:
- The breach is likely to result in significant harm to an affected individual
- The breach is likely to affect 500 or more individuals
‘Likely’ here means a very high probability of something happening. Because that has a vague meaning in this context, you’ll need to use your best judgment to decide whether or not there has been a breach.
If you believe that a breach has indeed happened, there’s an assessment you can make to know whether or not it has to be reported to the PDPC.
This assessment is whether the breach is notifiable in a “reasonable and expeditious” manner. You’ll also need to look at what type of data was affected, how serious the breach was, and the number of people that have possibly been affected by it.
If you determine that the breach needs to be reported, you must do so in 72 hours.
As mentioned earlier, you’ll also need to notify the individuals whose data have been compromised, but there are exemptions from this requirement:
- If you had applied any technological measure before the breach that makes it unlikely to result in significant harm to an affected individual
- If you can take action after the breach that makes it unlikely to cause significant harm to an affected individual
Related Read: Importance Of Data In Your Business
Be transparent with your customers’ data
Keeping your customers’ data safe isn’t just limited to ensuring it doesn’t go to the wrong hands. While you’re in charge of that personal information yourself, you must also not misuse it.
When a customer signs up for your service and shares their details, you need to tell them why you’re collecting this data and what it will be used for.
This lets the customer decide whether or not to give that information in the first place. Ensuring transparency when handling your customers’ particulars is crucial if you want to comply with data privacy laws in Singapore.
Don’t spam your customers
We’ve looked at the Personal Data Protection Act and some of the changes made to it.
But Singapore also has another set of laws for data privacy that businesses need to comply with–the Spam Control Act. Now, let’s say you’re collecting customer data for marketing purposes, which is perfectly fine.
What you cannot do, however, is bombard your client base with texts, emails, calls, and other forms of communication in the name of promotions.
Be reasonable and professional, and allow your customers to unsubscribe from a mailing or calling list if they no longer want to hear from you.
Stay compliant with data privacy laws with our help
Keeping up with the law isn’t always an easy task, especially if you’re not legally savvy.
Fortunately, there are resources you can use, such as the database of Singapore Statutes Online or the legal updates section in The Straits Times.
You can also our savvy experts who are well-informed on the latest data privacy laws!
FAQs on Data Privacy
- Some common problems are personal identifiable information (PII), the costs involved in maintaining privacy, and human error.
- Here are some reasons why it is important:
- Helps to prevent unnecessary fines and fees
- Helps to build trust with customers
- Boosts your reputation with customers and other stakeholders
- Some examples are data encryption, cloud backup, and password protection.
Abide to data privacy laws with our help
Ensure that you stay compliant with the different rules and regulations in Singapore with Rikvin’s professional advice and guidance!