top of page
  • Writer's pictureChristy Chung

Personal Data Protection Act (PDPA) from Singapore


The Personal Data Protection Act (PDPA) in Singapore requires organizations to implement appropriate security measures to protect personal data and to regularly review and assess the adequacy of those measures, including security log monitoring.


The provisions of the PDPA are guidelines, and organizations are expected to implement security measures that are appropriate to their particular circumstances and the sensitivity of the personal data they handle. The PDPA is enforced by the Personal Data Protection Commission, which has the power to investigate complaints and enforce the provisions of the act through fines, enforcement directions, and other measures.


The provisions related to security log monitoring in Singapore's Personal Data Protection Act (PDPA) can be found in several sections of the act, including:


* Section 24, "Protection of Personal Data," which requires organizations to take steps to protect personal data in their possession or under their control from unauthorized access, collection, use, disclosure, or disposal.


* Section 24(2), "Security Measures," which requires organizations to implement security measures to protect personal data, such as by securing the premises where the personal data is stored, and taking steps to prevent unauthorized access, collection, use, disclosure, or disposal of personal data.


* Section 24(4), "Monitoring," which requires organizations to regularly review and assess the adequacy of the security measures they have implemented to protect personal data.

These provisions in the PDPA are intended to ensure that organizations implement appropriate security measures to protect personal data, including security log monitoring, and that they regularly assess and improve their security measures to ensure that they remain effective.

Requirement of security log monitoring

It is important to note that the provisions related to security log monitoring in the PDPA are guidelines and not specific requirements. Organizations are expected to implement security measures that are appropriate to their particular circumstances and the sensitivity of the personal data they handle. The provisions of the PDPA are enforced by the Personal Data Protection Commission, which has the power to investigate complaints and to enforce the provisions of the act through fines, enforcement directions, and other measures.

14 views0 comments
bottom of page