SINGAPORE LAW AND PRACTICE Contributed by: Jeffrey Lim, Daniel Lim, Frederick Tay, Genevi Lim, Lakshmanan Anbarazan, Sarah Lai, Stephanie Goh and Tobias Andreas Satria, Joyce A. Tan & Partners LLC
The PDPA has extraterritorial scope, and contains provisions that impact the ability of organisations to transfer personal data out of Singapore. In particular, organisations are required to ensure that personal data transferred overseas is accorded a standard of protection comparable to that provided under the PDPA, with the Act prescribing specific mechanisms through which this requirement may be satisfied.

The main regulator, the Personal Data Protection Commission, is an active enforcement authority and has a consistent track record of taking action in relation to data breaches. Although the Commission is vested with discretion in determining financial penalties, it has historically exercised its powers to impose penalties at or near the statutory maximum. Since 2021, the maximum financial penalty has been increased to SGD1 million per breach or 10% of an organisation’s annual turnover in Singapore, where the organisation’s Singapore turnover exceeds SGD10 million, whichever is higher. As the penalty cap is calculated by reference to annual turnover, it may exceed the amount of any provable economic loss. It should also be noted that the PDPA confers a right of private action, allowing individuals to bring claims for personal loss suffered as a result of a data breach.