This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Welcome to Reed Smith's viewpoints — timely commentary from our lawyers on topics relevant to your business and wider industry. Browse to see the latest news and subscribe to receive updates on topics that matter to you, directly to your mailbox.
| less than a minute read

Singapore increases data breach penalty to 10% of turnover, from 1 October

Non-compliance with Singapore's Personal Data Protection Act can now attract a higher penalty of up to 10 per cent of local annual turnover for organisations whose turnover exceeds S$10 million. 

This change, which was passed in November 2020, will take effect on 1 October this year. 

"Organisations must continue to take ownership and be held accountable, especially those that hold sizeable volumes of data," Singapore's Minister of Communications and Information said.

Among the slew of changes to Singapore's data protection law that took effect in February last year, it is now mandatory to report to the commission within 3 calendar days from discovering a notifiable breach. 

A notifiable breach is one that affects more than 500 individuals or poses a significant impact of harm to any 1 individual. 

The implementation of the new penalties was delayed due to economic uncertainties during the pandemic, but businesses now have sufficient lead time, Minister for Communications and Information Josephine Teo said in Parliament on Friday (Mar 4).


data, privacy, dataprotection, law, regulation, enforcement, breach, singapore, penalty