Designing & Operating White Label Platform dedicated to the Insurance Industry

Wellnex & My-insurer adjust their PDPA rulings to comply with new and additional legislation

2/18/2021

 
On 29 January 2021, the Personal Data Protection Commission (PDPC) announced that certain sections of the Personal Data Protection (Amendment) Act 2020 (the PDPA Amendments) will take effect from 1 February 2021 (see PDPC’s announcement and the gazetted Commencement Notification). This legal update provides a high-level summary of the PDPA Amendments that have taken effect.

The changes introduced by the PDPA Amendments to the Personal Data Protection Act 2012 (the PDPA) are the most significant since the PDPA first came into force on 1 July 2014.  Please see our earlier blog post, Singapore tables changes to the Personal Data Protection Act in Parliament, discussing the key changes introduced by the PDPA Amendments.
The PDPA Amendments will take effect in phases, with the following three key changes taking effect from 1 February 2021:
  • Mandatory data breach notification: Organisations must notify the PDPC of any data breach that: (i) results in, or is likely to result in, significant harm to the affected individuals; or (ii) is of a significant scale (i.e., involves personal data of 500 or more individuals). Affected individuals must be notified if the data breach is likely to result in significant harm to them.
    • Prescribed personal data or classes of personal data deemed to result in significant harm: The Personal Data Protection (Notification of Data Breaches) Regulations 2021 (Regulations on Notification of Data Breaches) provide a prescribed list of personal data or classes of personal data that shall be deemed to result in significant harm to affected individuals if compromised in a data breach (e.g., authentication data relating to an individual’s account with an organisation, credit card information, bank account number, creditworthiness of an individual, salary information etc.).
    • Timeframes for notification: Notifications to the PDPC must be made as soon as is practicable, but in any case no later than 3 calendar days after the day the organisation makes the assessment that a data breach is a notifiable data breach. Notifications to individuals must be made as soon as practicable, at the same time or after notifying the PDPC.
    • Information required: See Regulations on Notification of Data Breaches for a prescribed list of minimum information that the notification must contain.
  • Introduction of offences concerning mishandling of personal data by individuals: Individuals will be held accountable for egregious mishandling of personal data through the introduction of new criminal offences: (i) knowing or reckless unauthorised disclosure of personal data; (ii) knowing or reckless unauthorised use of personal data for a wrongful gain or a wrongful loss to any person; and (iii) knowing or reckless unauthorised re-identification of anonymised data. The prescribed penalty for these offences, which may be imposed on individuals, is a fine not exceeding S$5,000 or imprisonment for a term not exceeding 2 years or both.
  • Expansion of consent framework: New provisions to introduce deemed consent by contractual necessity and deemed consent by notification to allow organisations to collect, use and disclose personal data. Additionally, legitimate interest and business improvement exceptions have been introduced, with changes to the business asset transaction exception to broaden the scope and changes to the research exception to improve data innovation efforts. The expansions to the consent framework are accompanied by accountability requirements.



DPTM Certification Number:  DPTM-00033-202008202008
Cyber Essentials Certification Number:  CEM-2023-012