The Ninja Sensei’s Logbook: Cross-border transfer of personal data: best practices

Privacy Ninja
2 min readApr 6, 2023

We live in an increasingly interconnected world.

Right smack in the centre is the cross-border transfer of personal data that has become a critical component of many businesses’ operations.

However, with this increased flow of data comes the need for organisations to ensure that personal data is being transferred securely and in compliance with data protection laws. To achieve this, businesses must adhere to best practices for cross-border data transfers, not only to safeguard sensitive information but also to maintain trust with their customers and stakeholders.

In Singapore, personal data protection is governed by the PDPA), which sets out specific requirements for cross-border transfers of personal data. Here are some best practices that businesses should follow when transferring personal data from Singapore to other parts of the world:

✔️ Get consent. Before transferring their personal data across borders, make sure to get their explicit YES. The consent should be specific, informed, and obtained voluntarily.

✔️ Assess the data recipient’s level of protection. Businesses should assess the level of data protection offered by the recipient country and the recipient organisation to ensure that adequate safeguards are in place. Is it the same level or more? Do not settle for less.

✔️ Use Standard Contractual Clauses (SCCs). SCCs are a set of contractual clauses that can be included in contracts between data controllers and data processors to ensure adequate data protection. Businesses should use SCCs when transferring personal data across borders.

✔️ Implement technical and organisational measures. This practice ensures the safeguard of personal data during cross-border transfers, such as encryption and access controls.

✔️ Conduct due diligence on third-party service providers. Doing this guarantees that the vendors have adequate data protection measures in place and that they comply with relevant data protection laws.

By adhering to these best practices, businesses can make sure that they are complying with relevant data protection laws and protecting individuals’ personal data when transferring it across borders.

P.S. Got questions or do you need help with your cybersecurity and data protection compliance journey? Don’t hesitate to reach out to your friendly cybersecurity and data protection experts at Privacy Ninja. We are always a text/call or email away!

📱 WhatsApp: +65 8750 4250

📧 email:

This post first appeared on Andy’s LinkedIn wall. Follow us on the following pages for more updates! Facebook | Twitter | LinkedIn | YouTube | Website



Privacy Ninja

Privacy Ninja is Singapore’s leading cybersecurity & data protection firm offering the most affordable services, like outsourced Data Protection Service & VAPT.