The Leading Marketing Platform Dedicated to Insurance Intermediaries
  • Intermediary login
  • Products
    • FA BizBooster
    • FA Enterprise
    • Merchant Builder
    • All Features
  • About us
  • News
  • Security

Wellnex & My-insurer adjust its pdpa rulings to comply to new and additional legislations

2/18/2021

 
Picture
On 29 January 2021, the Personal Data Protection Commission (PDPC) announced that certain sections of the Personal Data Protection (Amendment) Act 2020 (the PDPA Amendments) will take effect from 1 February 2021 – please see PDPC’s announcement; the gazetted Commencement Notification.  This legal update provides a high-level summary of the PDPA Amendments that have taken effect.

The changes introduced by the PDPA Amendments to the Personal Data Protection Act 2012 (the PDPA) are the most significant since the PDPA first came into force on 1 July 2014.  Please see our earlier blog post, Singapore tables changes to the Personal Data Protection Act in Parliament, discussing the key changes introduced by the PDPA Amendments.
The PDPA Amendments will take effect in phases, with the following three key changes taking effect from 1 February 2021:
  • Mandatory data breach notification: Organisations must notify the PDPC of any data breach that: (i) results in, or is likely to result in, significant harm to the affected individuals; or (ii) is of a significant scale (i.e., involves personal data of 500 or more individuals). Affected individuals must be notified if the data breach is likely to result in significant harm to them.
    • Prescribed personal data or classes of personal data deemed to result in significant harm: The Personal Data Protection (Notification of Data Breaches) Regulations 2021 (Regulations on Notification of Data Breaches) provide a prescribed list of personal data or classes of personal data that shall be deemed to result in significant harm to affected individuals if compromised in a data breach (e.g., authentication data relating to an individual’s account with an organisation, credit card information, bank account number, creditworthiness of an individual, salary information etc.).
    • Timeframes for notification: Notifications to the PDPC must be made as soon as is practicable, but in any case no later than 3 calendar days after the day the organisation makes the assessment that a data breach is a notifiable data breach. Notifications to individuals must be made as soon as practicable, at the same time or after notifying the PDPC.
    • Information required: See Regulations on Notification of Data Breaches for a prescribed list of minimum information that the notification must contain.
  • Introduction of offences concerning mishandling of personal data by individuals: Individuals will be held accountable for egregious mishandling of personal data through the introduction of new criminal offences: (i) knowing or reckless unauthorised disclosure of personal data; (ii) knowing or reckless unauthorised use of personal data for a wrongful gain or a wrongful loss to any person; and (iii) knowing or reckless unauthorised re-identification of anonymised data. The prescribed penalty for these offences, which may be imposed on individuals, is a fine not exceeding S$5,000 or imprisonment for a term not exceeding 2 years or both.
  • Expansion of consent framework: New provisions to introduce deemed consent by contractual necessity and deemed consent by notification to allow organisations to collect, use and disclose personal data. Additionally, legitimate interest and business improvement exceptions have been introduced, with changes to the business asset transaction exception to broaden the scope and changes to the research exception to improve data innovation efforts. The expansions to the consent framework are accompanied by accountability requirements.


Picture
Picture

Comments are closed.

    my insurer

    Digitalising Financial Advisers

    Archives

    January 2023
    November 2022
    October 2022
    September 2022
    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    August 2019
    July 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017

    Categories

    All
    Insurance
    News
    Start Up
    Start-up

important notice

about us

Term of USe

  • my insurer does not invite nor solicit its users to purchase insurance products  ​ 
  • my insurer is not responsible for any recommendations or advice you may receive at any point of time while using the app
  • any question relating to data management: data@my-insurer.net
My-Insurer is an insurtech and Private Limited company based in Singapore 
Wellnex is the health-tech, front-end of My-insurer
Certified Singapore Fintech number: 
20040111
DPTM certification Number:  DPTM-00033-202008202008

Our people
Latest Features

​
Picture
Terms & Conditions
Youtube Channel
Download App


Picture
My-Insurer Private Limited – Singapore - N 201903812R – All rights reserved ​

  • Intermediary login
  • Products
    • FA BizBooster
    • FA Enterprise
    • Merchant Builder
    • All Features
  • About us
  • News
  • Security