Personal Data Protection Services

Manage Data Protection Compliance with Ease

Firms are under increasing pressure to minimise their potential exposure to hefty penalties resulting from non-compliance with data protection regulations as they manage vast amounts of personal information. Local businesses face this risk on multiple fronts, particularly with regard to Singapore’s Personal Data Protection Act (PDPA) and the European Union’s General Data Protection Regulation (GDPR) that took effect on 25 May 2018. Such laws require companies to comply with relevant privacy regulations relating to areas such as employee data, customer information and shareholder information. Apart from compliance, personal data protection is also crucial because it increases customers’ trust in the company.

What is the Personal Data Protection Act (PDPA)?

Singapore’s PDPA consists of the Data Protection Provisions and Do Not Call Provisions. Personal data includes a person’s full name, NRIC number and mobile phone number, among others. Organisations are required to comply with the PDPA if they undertake activities relating to the collection, use or disclosure of personal data. Businesses need to manage the following obligations under the PDPA.


What is the General Data Protection Regulation?

The European Union’s GDPR regulates the processing of personal data relating to individuals in the EU by an individual or an organisation. It also applies to companies that have controllers or processors of personal data based in the EU. Organisations should note the following under the GDPR:

  • A wider coverage over what is considered personal data, including IP addresses of individuals
  • Requirement to delete all personal data relating to the individual upon withdrawal of consent unless there is a legal basis for not doing so
  • Individuals have the right to expect their personal data to be “forgotten”. This requires organisations to delete all personal data relating to the individual when it is no longer necessary for the purpose of its collection.

Our "Privacy by Design" Solution

We help organisations to establish a data privacy programme that is based on a “Privacy by Design” approach. This means embedding privacy in all aspects within the organisation, from information-processing systems and technologies to policies and procedures that govern data management as well as employee conduct. This also means adopting a strategy that manages and protects personal information throughout its entire life cycle from collection to destruction.

Governance & Control

 Policies & Implementation   

Data Management & Analysis

  • Privacy strategy and governance advisory 
  • Gap analysis 
  • Privacy impact assessment 
  • Training and awareness
  • Data Protection Trustmark (DPTM) certification facilitation 
  • Privacy programme design and implementation 
  • Third-party risk audit 
  • Data breach notification and incident management 
  • Data inventory mapping and audit 
  • Data analytics
  • Personally Identifiable Information (PII) discovery service 
  • IT security controls audit                                                

View our full range of cybersecurity advisory and incident response services or learn how our Technology Services & Advisory team can assist you.

Find out more about the PDPA at
For more information on the GDPR, visit


tan-boon-yen - Copy.pngTan Boon Yen 
Senior Director

T: +65 6594 7890
E: [email protected]


tan-boon-yen - Copy.pngHoi Wai Khin 

T: +65 6594 7880
E: [email protected]