Singapore - Guide to handling data access requests issued
Published 9 June 2016
With the aim of providing businesses with greater clarity as to how to respond to data access requests, the Singapore Personal Data Protection Commission issued on 9 June its 'Guide to Handling Access Requests' (the "Guide").
The Guide aims to assist organisations in complying with their legal obligations under the Singapore Personal Data Protection Act 2012 ("PDPA") when processing, rejecting and recording data access requests.
The Guide covers key elements such as:
- determining the response timeframe;
- ascertaining the identity of the individual who submitted the request;
- preserving personal data;
- identifying circumstances where organisations are not required to provide access to an individual's personal data;
- determining a 'reasonable' fee for providing access; and
- making request channels available.
The Guide is in a business-friendly format and organisations should use it to review, update and put in place processes, to ensure compliance with the PDPA.
The Guide can be accessed here.