How do businesses remain compliant with PDPA in Singapore?
Under the PDPA (Personal Data Protection Act), it is required that businesses obtain customers’ consent before collecting, using their personal data. Below is a non-exhaustive list of guiding tips for businesses.
Starting off, how to obtain customers’ consent?
1. Ask customers to sign or acknowledge a notice that permits the company to use their data for a particular purpose
2. If customers’ data are routinely collected, a notice should be stated in the form indicating that clearly.
3. To send promotional material to customers, a tickbox has to be included for them to choose to select or deselect
There is a list of exceptions where businesses do not have to always collect customers’ consent, but the onus is on businesses to legally justify their business practices and cross-referencing to PDPA guidelines.
PDPC (Personal Data Protection Commission) has also provided a template for drafting a notice for consent, to serve as a guideline for companies.