The Singapore Personal Data Protection Act 2012 (PDPA) subjects organisations to various obligations pertaining to the collection, use and disclosure of personal data, with non-compliance attracting financial penalties, issuance of remedial directions from the Personal Data Protection Commission, as well as reputational damage arising from the publication of enforcement decisions. The firm’s Data Protection practice group advises organisations on the formulation and implementation of internal compliance policies and programmes to meet the requirements under Singapore’s data protection laws.