Are there any restrictions on transferring personal data and how can these be overcome?
Cross-border data transfers affect all organizations that engage online IT services, cloud-based services, remote access services and global HR databases. Understanding the applications of lawful data transfer mechanisms is essential to validate recipients located in other nations.
Employers are able to transfer employee data outside of Singapore, as long as they continue to comply with the Personal Data Protection Act 2012 (PDPA). The law requires that any transfers of personal data outside of Singapore follow the standards set by the Act, by taking appropriate steps to ensure compliance. The recipient of the employee data is also bound by legally enforceable obligations to provide a standard of data protection equivalent to the PDPA.
Recipients of data protection can meet these obligations through (Advisory Guidelines on Key Concepts in the PDPA, July 2017):
- other country’s laws if equal or greater to the protections under the PDPA;
- contracts which require the recipient to provide a comparable or higher level of data protection as the standard under the PDPA and, specify the countries/territories where the data may be transferred;
- binding corporate rules that: require all data recipients to provide a comparable or higher level of data protection as the standard under the PDPA; and, specify the countries/territories where the data may be transferred, the recipients, and the rights/obligations set by the rules; or,
- other legally binding instruments.
Singapore’s data privacy laws are compliant with the APEC Privacy Framework. Therefore, data transfers are allowed between Singapore and other APEC Privacy Framework members (currently Japan, the Republic of Korea, the USA, Canada and Mexico).
HR Best Practices: The use of applications in the cloud frequently results in the international transfer of employee data. Personal data should only be transferred outside Singapore when a level of protection comparable to those under the PDPA can be ensured.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.