Is your business truly compliant with personal data protection regulations?

Beauty retailer Sephora notified the Personal Data Protection Commission ("PDPC") of a data breach that led to the exposure of some customers’ personal information to unauthorised third parties, according to media reports in July.

Such incidents underscore the importance of vigilance in complying with personal data protection regulations, as non-compliance might result in hefty financial penalties. In June this year, we saw 11 PDPC enforcement cases in Singapore, the highest in a month so far. In August, a company was fined as much as $54,000 for violating the Personal Data Protection Act ("PDPA").

There is also a general trend of companies failing to establish reasonable security arrangements to protect customers’ personal data from unauthorised access, collection, use, disclosure and other similar risks. Such arrangements include the following:

  • Appointing a Data Protection Officer ("DPO")
  • Establishing or updating your data inventory map
  • Identifying alternatives other than NRIC verification
  • Performing a thorough search of NRIC data hidden in your systems
  • Implementing a personal data retention and disposal policy
  • Performing a PDPA audit to ensure compliance
  • Ensuring that all staff are aware of their roles and responsibilities in personal data protection

Who can I consult?
Our team of auditors and business consulting specialists helps numerous clients in diverse industries to review their data protection processes and security controls. Contact us for assistance or enquiries.


Hoi Wai Khin, Director, Business Consulting
T: +65 6594 7880
[email protected]

Wendy Chua, Senior Manager, Business Consulting
T: +65 6594 7669
[email protected]