What is, and which organizations have to appoint a DPO?
A Data Protection Officer (DPO) is a person in charge of verifying the compliance of personal data processing with the applicable law. The DPO communicates information on processing personal data such as its purposes, interconnections, types, categories of data subjects, length of retention and department(s) in charge of implementing processing. DPOs may be required by law or recommended.
Singapore requires that all organizations designate one or more individuals as a Data Protection Officer. These individuals are responsible for ensuring compliance with the Personal Data Protection Act 2012 (PDPA). The DPO role can be part, or all, of an individual’s job duties Alternatively, this role can be outsourced to a third-party. The DPO's contact information should be available to the public.
Responsibilities for the DPO include:
- ensuring policies and procedures are in compliance with the PDPA during development/implementation;
- fostering a data protection culture and communicating policies to stakeholders;
- managing questions and complaints, as it relates to personal data; and
- liaising with Singapore’s Personal Data Protection Commission, when required.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.