The Personal Data Protection Act 2012 (“PDPA“) has been undergoing a series of amendments pursuant to the Personal Data Protection (Amendment) Act 2020, aimed at enhancing the PDPA and strengthening organisation accountability and consumer protection. The changes have taken effect in phases, with the first phase coming into operation on 1 February 2021.
As a follow-up to the earlier changes, a number of subsequent amendments have been made to the Regulations under the PDPA – specifically, the Personal Data Protection Regulations 2021 and the Personal Data Protection (Notification of Data Breaches) Regulations 2021. These amendments have taken effect from 1 October 2021, and serve to clarify the concept of significant harm for mandatory data breach reporting, defences for egregious mishandling of personal data and the provision of business contact information of Data Protection Officers. This Update provides a summary of the amendments to the Regulations.
For more information, click here to read the full Legal Update.