top of page
  • a22162

About the PDPA

Updated: Aug 18, 2023

The Personal Data Protection Act (PDPA) governs the collection, use and disclosure of personal data by organisations, in a manner that recognises individuals’ rights and the need of organisations to use such personal data for legitimate business purposes.

How To Handle Personal Data

Do you collect, use or disclose personal data of employees, customers or other individuals? If the answer is yes, you should ensure that your organisation has put in place systems, policies and processes to comply with the Personal Data Protection Act.

The PDPA contains two main sets of provisions; namely Data Protection (DP) provisions and the Do Not Call (DNC) provisions.

Do Not Call (DNC) Provisions

The DNC Provisions prohibit organisations from sending certain marketing messages to Singapore telephone numbers including mobile, fixed line, residential and business numbers registered with the DNC Registry.

Appoint A Data Protection Officer

All organisations, including sole proprietors and non-profit organisations, must appoint at least one person as the Data Protection Officer (DPO). The DPO function is management’s responsibility and, ideally, the appointed DPO should be part of the management team, or at least have a direct line to management. The operational DPO functions, however, may be delegated to one or a few employees, or outsourced to a service provider.


A Data Protection Management Programme (DPMP) lays the foundation and provides a systematic approach for an organisation’s data protection initiatives. It covers management policies and processes for the handling of personal data as well as defines governance and the roles and responsibilities of the people in the organisation in relation to personal data protection.

How to Develop a DPMP?


There is no ‘one size fits all’ DPMP, and organisations should consider developing a DPMP that is reasonable and appropriate for their business need. Nevertheless, organisations may wish to follow the suggested steps below.


A personal data protection policy sets the direction and course of action by the organisation to meet its obligations under the PDPA.


People are the backbone behind all measures and their roles and responsibilities in personal data protection should be defined and understood throughout the organisation.


Organisations may need to create, update or revise their processes to address the handling of personal data throughout the data lifecycle (from collection to disposal/archival).

DP Advisory

Innovative and responsible use of data can provide competitive advantage by enabling new service offerings, as well as increase consumer confidence in an organisation.

To help SMEs in Singapore use data responsibly, you may appoint Bestar DP Advisors to provide tailored support and assistance.

You may consider engaging our professional services to conduct a comprehensive assessment to evaluate your organisation’s needs.

Advisory Services

• Learn about your data protection obligations

• Uncover potential data protection gaps in your business processes

• Locate useful data protection resources

• Find out more about financial assistance schemes available • Receive in-depth, targeted advice tailored to your organisation’s key business processes

How Bestar can Help

Bestar can help organizations in Singapore comply with the PDPA by providing a range of services, including:

  • Data protection consulting: Bestar can help organizations assess their compliance with the PDPA and develop a plan to improve their practices.

  • Data protection training: Bestar can provide training to employees on the PDPA and how to protect personal data.

  • Data protection software: Bestar can provide software to help organizations manage their personal data in a secure and compliant manner.

  • Data breach response: Bestar can help organizations respond to data breaches in a way that complies with the PDPA.

In addition, Bestar can also help organizations with other aspects of data protection, such as:

  • Privacy impact assessments

  • Data anonymization

  • Data encryption

  • Data deletion

Bestar is a leading provider of data protection services in Singapore. They have a team of experienced professionals who are experts in the PDPA. Bestar can help organizations of all sizes comply with the PDPA and protect the personal data of their customers and employees.

Here are some of the specific services that Bestar offers:

  • Data protection assessment: Bestar will assess your organization's compliance with the PDPA and identify any areas where you need to improve.

  • Data protection training: Bestar will provide training to your employees on the PDPA and how to protect personal data.

  • Data protection software: Bestar will recommend and implement data protection software that meets your organization's needs.

  • Data breach response: Bestar will help you respond to a data breach in a way that complies with the PDPA.

  • Privacy impact assessment: Bestar will help you conduct a privacy impact assessment for a new project or initiative.

  • Data anonymization: Bestar will help you anonymize personal data so that it can be used for research or other purposes without compromising the privacy of individuals.

  • Data encryption: Bestar will help you encrypt personal data to protect it from unauthorized access.

  • Data deletion: Bestar will help you delete personal data when it is no longer needed.

If you are an organization in Singapore that needs help complying with the PDPA, contact Bestar. They are a trusted advisor who can help you protect the personal data of your customers and employees.

For more information about DPMP, please contact Bestar.

About the PDPA | Bestar
About the PDPA | Bestar


bottom of page