The Personal Data Protection Act 2012 (“PDPA”) contains two main sets of provisions, covering personal data protection (“the DP Provisions”) and the Do Not Call Registry (“the DNC Provisions”), which organisations are required to comply with. The DP Provisions and the DNC Provisions came into force on 2 July 2014 and 2 January 2014 respectively. From 2 July 2014, organisations are required to comply with both sets of provisions where relevant.


The PDPA is intended to be a baseline law applicable to all organizations in Singapore except for the public sector. The objective of the PDPA is to regulate an organisation’s activities relating to the collection, use and disclosure of personal data.

Personal data is defined widely to include “any data about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access”. This includes personal particulars, medical records, educational records, financial records, etc, whether the data is stored in electronic or non-electronic form.

If you have any concerns or enquiries regarding the Personal Data Protection Act (PDPA) at NSRCC, kindly email to dpo@nsrcc.com.sg or call 65428288.