Data protection services | Singapore | Corporate services

Our data protection solutions

We bridge the gap between your Data Protection Officer (DPO) responsibilities and regulatory burdens to ensure your data protection is done properly.

All Singapore entities, including sole proprietorships, are required to ensure compliance with the Personal Data Protection Act 2012 (PDPA).

Organisations are required by law to designate at least one individual as a DPO, to oversee the data protection responsibilities within the organisation and ensure compliance with the PDPA.

While the responsibility for complying with data protection lies with a company’s management team, the operational requirements needn’t become a burden. Organisations with manpower or resource constraints can outsource operational parts of the DPO function.

How to comply with the PDPA in Singapore

Every Singapore registered company must appoint a DPO.

Data protection-related policies and procedures must be in place and established in the company’s day-to-day operations.

The documentation of processes that process personal data must be stored in a data inventory and in compliance with the data protection obligations.

Individuals must be able to exercise the user rights to which they are entitled under the PDPA.

Employers must raise employees’ awareness of data protection and how personal data is processed.

A data breach response plan must be in place and applied in the event of a data breach to evaluate the incident.

You can only collect, use or disclose personal data when an individual has given his or her consent. You must allow individuals to withdraw consent with reasonable notice and inform them of the likely consequences of their withdrawal.

You may collect, use or disclose personal data about an individual for the purpose for which he or she has given consent.

You must inform the individual about the purpose(s) for which you are intending to collect, use or disclose their personal data on or before this process.

Your customers can also request for information on how their personal data has been used through the time period that they have given consent. You are also required to correct any error or omission in your customer’s personal data upon his or her request.

The personal data collected by or on behalf of your organisation should be accurate.

You must set up the necessary security measures to safeguard the information that you possess or control and prevent any form of unauthorised access, collection, use, disclosure or similar risks.

Once the personal data is no longer necessary for any business or legal purposes, cease retention of the information.

If you are required to transfer your customers’ personal data to another country, do so only according to the requirements prescribed under the regulations. You want to ensure that the standard of protection provided for their personal data transferred is comparable to the protection under the PDPA in Singapore.

Assign one or more individuals to establish your data protection framework by setting up internal processes in a data protection-compliant manner and implementing personal data protection policies and SOPs within your organisation. Furthermore, a communication channel must be provided for any complaints or enquiries from individuals and the authority. The business contact information of your data protection officer(s) should therefore be made available to the public.

In the event of a data breach, you must take steps to assess whether it is notifiable. If the data breach is likely to result in significant harm to individuals and/or is of a significant scale, organisations must notify the PDPC and the individuals concerned as soon as possible.

Our solutions

Outsourced DPO package
We can assist you by assuming the role and duties of the DPO for your company, in accordance with the Personal Data Protection Act and Personal Data Protection Commission of Singapore. Our service includes:

Outsourced DPO
Official contact point for enquiries and complaints from users and authorities
PDPA gap analysis and action plan
Mandatory data protection policies and SOPS
Data breach response plan and user rights management
Staff awareness training
Implementation tracking
Annual re-assessment
Includes board resolution appointing and registering DPO

DPO support package

We support your internal DPO to implement a data protection framework to meet PDPA compliance. Our service includes:

PDPA gap analysis and action plan
Mandatory data protection policies and SOPS
Data breach response plan and user rights management
Staff awareness training
Implementation tracking
Annual re-assessment

Compliance 'Plus' package

We offer a comprehensive package of document templates, requested by the authorities to achieve the necessary paper compliance. This package includes important policies and processes and provides the basis for individual customisation tailored to the needs of your organisation. Our service includes:

An explanation and briefing call with our data protection specialists
More than 40 templates for data protection and information security policies
More than 20 templates for data protection and information security processes

Optional ‘as you need it’ add-on

Our comprehensive on-going data protection and information security consultancy provides:

Cyber incident response management
GDPR compliance support/consulting
ISO27001 compliance support/consulting
Vulnerability assessments/scans and penetration tests
Outsourced CISO (Chief Information Security Officer)
Technical data protection and security consulting services

"Hawksford was able to help Boggi beyond its scope and has proven to be a key stakeholder of Boggi in Asia. In Singapore alone, Hawksford assisted Boggi in cultivating our connections with the most important landlords. This contribution allowed us to enter the Singapore market and open three stores."

Paolo Selva, Corporate CEO, Boggi Milano

“Hawksford’s Hong Kong team were true professionals and great people, supporting our operation here in Hong Kong, and providing us with tailored services for finance and administration which perfectly met our requirements. They handled our enquiries promptly and were always focused on delivering excellent solutions.”

Summy Lee, Head of Business Development, North/East Asia and Pacific, Amann Group

"From the beginning, Hawksford took care of the essential business set-up, so that we could be up and running and operating successfully in a short timeframe. As a result of such a smooth entry into the UK, we have continued to use Hawksford for accounting services, financial statements, tax declarations and other general administrative services."

Anujin Baasanjav, Head Accountant, Gobi Cashmere UK