OneTrust DataGuidance is pleased to announce the release of the GDPR v. PDPA Report, which compares data protection requirements and recommendations under the GDPR and Singapore’s Personal Data Protection Act (‘PDPA’).
The Report has been produced in collaboration with Rajah & Tann and examines obligations under Singapore’s PDPA, as well as the relevant guidance issued by the Personal Data Protection Commission (‘PDPC’). The scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities contained in the PDPA and relevant guidance are detailed and compared with the requirements laid out under the GDPR. While the PDPA currently remains silent with regard to certain obligations and data breach notification requirements, the PDPC’s guidance outlines a number of recommendations and best practices that share similarities with the GDPR.
- The GDPR applies to both private and public bodies, whereas the PDPA excludes public agencies and organizations acting on behalf of public agencies from its scope
- Similar concepts of ‘data controller’ and ‘data processor’ are present in both laws
- Data subject rights are provided for under both the GDPR and the PDPA; however, the PDPA does not currently provide data subjects with the right to erasure or data portability
- Both laws provide supervisory authorities with wide-ranging powers and outline significant monetary penalties
- Breach notification requirements are expected to be added to the PDPA in the short to medium term