Updates on Personal Data Protection

As of 1 October 2022, the financial fines for a breach of Singapore's Personal Data Protection provisions will be considerably increased.

Increase of financial fines 

As of 1 October 2022, the maximum financial fines for a breach of the Personal Data Protection Act (PDPA) provisions will be increased from SGD 1 million to (a) SGD 1 million or (b) up to 10 percent of an organization's annual turnover in Singapore – whichever is higher.
Given the high financial fines that may be imposed, organizations collecting, using or disclosing personal data in Singapore should thoroughly review their existing data protection policies and processes to ensure their compliance with the PDPA (taking into account the amendments of the PDPA which were introduced in February 2021).

Guide on Personal Data Protection Considerations for Blockchain Design

In July 2022, the Singapore Personal Data Protection Commission (PDPC) published the GUIDE ON PERSONAL DATA PROTECTION CONSIDERATIONS FOR BLOCKCHAIN DESIGN (the GUIDE) to provide organizations with a broad set of considerations in configuring their blockchain applications to be in compliance with the PDPA. 
Since data stored on a blockchain is decentralized and tamper-resistant, unique compliance issues under the PDPA – such as accountability and immutability – arise.
Some of the PDPC recommendations include the following: 
  • Personal data should not be stored on a permissionless blockchain, whether in in-clear, encrypted, or anonymized form, unless consent has been obtained from the individual for public disclosure.
  • Legally binding contracts, with clear data controller or data intermediary obligations, should be enforced by blockchain operators on all participants to ensure PDPA compliance. 
  • Technical measures, complemented by contractual and operational controls, should be implemented to enable the fulfilment of other PDPA obligations including protection obligations and correction and retention limitation obligations. 
  • Application service providers should design their applications such that personal data is stored in an off-chain database or data repository where traditional access control mechanisms can be instituted.


Dr. Paul Weingarten

Partner, Office head

+65 62 3867 70
+65 62 3866 30
