Singapore: Implemented provisions of Amendment to Personal Data Protection Act (notification system, data portability, consent framework)

On 1 February 2021, the provisions of the Personal Data Protection Act Amendment concerning data breach notifications, data portability and the consent framework are implemented. In the case of a data breach, the amendment introduces a mandatory notification system to the Personal Data Protection Commission (PDPC). Furthermore, the Amendment implements the right of data portability and extends the consent framework introducing legitimate interest and business improvement exceptions. The increase of the maximum financial penalty imposable for data breaches will be implemented in the following period. In particular, the maximum is increased to the higher amount between $1 million or 10% of the organisation’s annual turnover in Singapore.