Employee Data Privacy

Singapore - Data Protection Officer

 Download as a PDF

What is, and which organizations have to appoint a DPO?


A Data Protection Officer (DPO) is a person in charge of verifying the compliance of personal data processing with the applicable law. The DPO communicates information on processing personal data such as its purposes, interconnections, types, categories of data subjects, length of retention and department(s) in charge of implementing processing. DPOs may be required by law or recommended.

Singapore requires that all organizations designate one or more individuals as a Data Protection Officer who is responsible for ensuring compliance with the Personal Data Protection Act 2012 (PDPA). Note that there have been enforcement cases due to an organization’s failure to appoint a DPO. The DPO role can be part, or all, of an individual’s job duties, and the DPO can assign others certain data protection responsibilities. Singapore’s Personal Data Protection Commission has suggested that the DPO be selected from senior management or, someone with a direct line of communication to senior management. 

DPO responsibilities include:

  • ensuring policies and procedures are in compliance with the PDPA during the development/implementation of processes for handling personal data, including questions and complaints;
  • fostering a data protection culture and communicating policies to stakeholders;
  • managing questions and complaints as it relates to personal data, including sharing information relating to the company’s personal data protection practices and policies;
  • alerting management of any potential risks relating to personal; and,
  • liaising with Singapore’s Personal Data Protection Commission, when required.

The DPO’s contact information should be publicly available, and organizations should be able to respond promptly to questions and complaints (PDPA, Sec. 11(5)). As best practice, the DPOs contact information should be readily accessible from Singapore, use a phone number based in Singapore, and be accessible during normal business hours in Singapore, particularly if the DPO is not based in the country.

UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.

Share Your Feedback

Let's Talk