Skip to content
Photo of Stella Cramer (SG)

The much discussed Cybersecurity Act 2018 (Act. 9 of 2018) (the Act), which was passed by the Singapore Parliament on 5 February 2018, came into force on 31 August 2018 [1]. The new law creates a regulatory framework for the monitoring and reporting of cybersecurity threats to essential services in Singapore through the appointment of the Commissioner of Cybersecurity.  It also creates a licensing regime that will require certain data security service providers in Singapore to be registered.

On 1 February 2018, Singapore Personal Data Protection Commission (PDPC) released its response to feedback on its public consultation on approaches to managing personal data in the digital economy, which took place in Q3 2017 (the Public Consultation). The purpose of  the Public Consultation, was to seek public feedback on proposed changes to Singapore’s data protection regime, the Personal Data Protection Act (PDPA).  The key proposed changes to the PDPA include the relaxation of the consent requirement to collect, use and disclose personal data in Singapore and the introduction of a mandatory data breach notification regime.

We set out below a summary of the key points that you should know about the public feedback and PDPC’s response.

In a bid to keep pace with advancements in the technological landscape, the Singapore Government has in recent months embarked on public consultations on its draft Cybersecurity Bill (the Cyber Bill) and its proposed amendments to Singapore’s Personal Data Protection Act (PDPA) to update the country’s data protection regime. These changes will have a significant impact on how companies manage personal data and secure their information systems.

This article seeks to summarise the proposed changes to the Singapore cybersecurity and data protection regulatory framework and provide some brief thoughts on how this may impact organisations operating in Singapore.