Personal Data Protection Act 2012 (PDPA)

Personal Data Protection Act 2012 (PDPA) is a law that governs the collection, use and disclosure of personal data by all private organisations. The Act has come into full effect on 2nd July 2014.

Organisations that collect, use and disclose personal data are required to develop and implement policies and practices that are necessary for the organisation to comply with the Personal Data Protection Act 2012 (PDPA).

This will help organisations to develop or improve their personal data protection policies and practices through the implementation of a Data Protection Management Programme (DPMP).

Data protection officer (DPO) is to be appointed within the organization to oversee the data protection responsibilities and ensure compliance with the PDPA.

organisations should enhance their personal data protection policies and practices to their organizational needs.

Why to Comply With the PDPA?


"Lawfulness, Fairness and Transparency image "
Purpose Limitation

Only use or disclose personal data for the purposes defined.

Purpose Limitation Image

Inform the individuals on the purposes for collection, use and disclosure of their personal data during collection.

Consent ​

Ensure that the consent has been obtained from the individuals before collecting, using or disclosure of the personal data.

Access and Correction

Upon request, provide the personal data of the individual and information on how the individual’s personal data has been used or disclosed in the past year. Correct an individual’s personal data upon request.


Ensure that personal data is accurate and complete during collection or when making a decision which will affect the individual.


Keep personal data in your possession secure from unauthorized access, modification, disclosure, use, copying, whether in hardcopy or electronic form.

Retention Limitation

Retain personal data only for business/legal purposes and securely destroy personal data when no longer needed.

Transfer Limitation

Ensure overseas external organisations provide a standard of protection comparable to the protection under the Singapore PDPA


Designate a Data Protection Officer and publish his/her business contact information. Make available personal data protection policies and practices to public and employees, including complaint process.

Purpose Limitation Image
Do-Not-Call (DNC)

Do not send marketing messages to individuals who have registered in the National DNC registry through voice, text messages or fax unless you have obtained their clear and unambiguous consent or have an on-going relationship (for text / fax).



Easier, Affordable and Scalable image
Regulatory Policies

Govern regulatory policies in a centralized location. Define and document policies & controls, Governance processes, Critical Data Elements, Data Categories, Data Subcategories, DQ dimensions and DQ rules

Enhance Governance of Restricted Data
Enhance Governance
of Restricted Data

Mapping of data to critical data elements ensuring restricted data is effectively validated by customizing the workflows and used for ongoing PDPA compliance as the law evolves.

Operationalize Regulatory Policies image
Expedite Responses
to Maintenance Issues

Manage the governance stewardship to rectify the error data and quickly address issues with targeted maintenance alerts.

Reduce Compliance
Risk by Monitoring Risk Reports

Track and analyze Data risk effectively by monitoring the reports to mitigate business impact.



Data Insights Platform (DIP) is a Data Governance framework tool designed specifically for Regulatory compliance , with pre-configured content like Policies, Controls, data categories, Sub-Categories, Critical Data Elements, workflows, reports, dashboards, and more.

Data Insights Platform (DIP) offers a centralized location where you can document, govern and collaborate around privacy and security policies to ensure they are effectively managed across the enterprise. It also allow organizations to establish a data mapping system to record processing activities and perform data Quality assessments.

Data Insights Platform (DIP) provides a sustainable approach to regulatory policies by managing the compliance through risk evaluations and assessments then take remediation actions as issues arise. Manage approvals, identify risk controls and tailor workflows to match specific business needs. Monitor compliance progress through easy-to-understand dashboards and reports which shows the regulatory violations details.

AMURTA’s Data Insights Platform is an enterprise-level solution that enhances productivity and perform better by turning raw data into actionable insights. This platform put people and process in place which improves automating the data governance and data management to deliver the trusted data to the business users who can quickly chart out the reality of data, its lineage, and usage across the policies, processes, projects, and regulation.


If you have queries  we are ready to discuss how our Data Insights Platform can help you in improving your organization governance process.