TODAY: 1 NEW BREACH·LAST 30 DAYS: 4·RECORDS THIS YEAR: 5.6M·MOST TARGETED: GOVERNMENT·TOP ORIGIN: France·LARGEST BREACH: MedCore Systems — S3 Bucket Exposure (4.2M)·GLOBAL THREAT LEVEL: NORMAL·TODAY: 1 NEW BREACH·LAST 30 DAYS: 4·RECORDS THIS YEAR: 5.6M·MOST TARGETED: GOVERNMENT·TOP ORIGIN: France·LARGEST BREACH: MedCore Systems — S3 Bucket Exposure (4.2M)·GLOBAL THREAT LEVEL: NORMAL
🇸🇬

Singapore Data Privacy Regulations

Personal Data Protection Act (PDPA)
High Severity
Enacted: 2012 (Amended: 2020)

Overview

The PDPA establishes a data protection framework that governs the collection, use, disclosure and care of personal data in Singapore.

Scope of Application:

Organizations that collect, use or disclose personal data in Singapore.

Key Rules & Obligations

Breach Notification

As soon as practicable, but no later than 3 calendar days.

Maximum Penalties

Up to 10% of annual turnover in Singapore or S$1 million, whichever is higher.

Data Transfers

Requires ensuring the recipient country has comparable protection laws or binding contracts.

Individual Rights

  • Access
  • Correction
  • Portability (pending)

Enforcement Authority

Personal Data Protection Commission (PDPC)

Contact: Info line on website

Visit Authority Website

Notable Breaches in Singapore

No notable public breaches matching these criteria currently indexed.

Official Sources

Frequently Asked Questions

What is the PDPA?

Singapore's primary data protection law.

Who enforces PDPA?

The PDPC enforces regulations and issues fines.

Last updated: March 5, 2026

Notice an error? Report a correction