Personal Data Protection (Amendment) Act 2024 - Portal for Registration of Data Protection Officer

Following the Personal Data Protection Guideline for the appointment of data protection officer (“DPO”) (“Guideline”) dated 25 February 2025, the Department of Personal Data Protection has launched the DPO registration portal for the notification of the appointment of DPO to the Personal Data Protection Commissioner (“Commissioner”) as required by the Guideline.
          ​
The portal can be accessed here. The notification together with the business contact information of the DPO must be submitted within 21 days from the date of appointment.
     
In summary, the Guideline requires a data controller and data processor to appoint at least one DPO if they meet either one of the following conditions: 
  1. Processes personal data of more than 20,000 data subjects; 
  2. Processes sensitive personal data including financial information, biometric data or health data of more than 10,000 data subjects; or
  3. Involves activities that require regular and systematic monitoring of personal data.

    

Appointment 

A DPO can be appointed from existing employees or through outsourcing. The data controller and data processor are required to ensure that the appointed DPO possesses the minimum skills listed below:

  1. Knowledge of the Personal Data Protection Act 2010;
  2. Understanding of the business and operations and personal data processing of the data controller and data processor;
  3. Understanding of information technology and data security; 
  4. Personal qualities such as integrity, understanding of corporate governance and high professional ethics; and 
  5. Ability to promote data protection culture within the organization.
      

Responsibilities

A DPO is responsible for carrying out the following: 
  1. Inform and provide advice to the data controller or data processor on the processing of personal data;
  2. Support the data controller or data processor in complying with the Personal Data Protection Act 2010 and other related data protection laws including staying updated on processing risks that may impact the data controller or data processor; 
  3. Support the conduct of data protection impact assessments; 
  4. Monitor the personal data compliance of the data processor or data controller; 
  5. Ensure proper data breach and security incident management; 
  6. Act as a facilitator and point of contact for data subjects; and 
  7. Act as the liaison officer and the point of contact for the Personal Data Protection Commissioner. 
     
To ensure responsiveness and accessibility, it is required that the DPO resides in Malaysia (physically present in Malaysia for at least 180 days in one calendar year) or is easily contactable via any means and is proficient in Bahasa Melayu and English. 
    

Our opinion

Data controllers and data processors that fall under the mandatory DPO appointment criteria should act swiftly to ensure compliance with the new requirements.

Contact

Felix Engelhardt

Manager

+60 3 2276 2755
