What are the penalties for non-compliance with any applicable data protection laws?
Non-compliance with data privacy laws and data breaches may lead to sanctions, fines, and penalties. The amounts are usually calculated according to the risk to which personal rights were exposed and the preventive measures taken by the data controllers, processors and sub-processors in relation to their respective role in the chain of personal data processing.
Penalties under Singapore’s Personal Data Protection Act 2012 (PDPA) can include fines and imprisonment. Employers are liable for employee violations of the act, whether it was done with or without the employer’s knowledge. General penalties for noncompliance can lead to a fine of up to S$10,000 and/or imprisonment of up to 3 years. When an offence continues after conviction, additional fines of up to S$1,000 per day of noncompliance can be imposed.
If a person changes or obtains access to personal data about an individual without the authority of that individual it can result in a fine of up to S$5,000 (Singapore dollar) or, imprisonment of up to one year. Organizational offences relating to obtaining access or changing data can lead to a fine of up to S$50,000.
Obstructing, hindering or providing false information to the Personal Data Protection Commission relating to personal data change/access can result in fines of up to S$10,000 for an individual or S$100,000 for an organization.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.