The Ninja Sensei’s Logbook: Don’t Be A Data Hoarder: PDPA Data Retention Guidelines to the Rescue

Privacy Ninja
2 min readMar 19, 2023

The PDPA does not just impose rules and regulations as to the collection, use, or disclosure of personal data; it also covers the retention and disposal of them for the reason that they may be the cause of data breaches in the future.

Every organisation in Singapore should understand the importance of not being a data hoarder, as it could be subjected to the risk that it may be put in. That is why when your organisation has personal data that no longer serves its purpose, it is advised to dispose of them as soon as possible based on the guidelines set under the PDPA.

Best practices in the retention and disposal of personal data

✅ Understand the PDPA guidelines for data retention and disposal

✅ Conduct regular data audits to identify unnecessary data and ensure compliance

✅ Implement data minimization practices to limit the amount of data collected and retained

✅ Use secure methods to dispose of data, such as encryption, shredding, or secure deletion

✅ Ensure that employees are aware of and trained on data retention and disposal policies

The PDPA mandates that organisations must limit their data retention period to the time necessary to fulfil the purposes for which the data was collected. This means that organisations must have a clear understanding of why they collect specific data and how long it is necessary to keep it. The PDPA also requires organisations to dispose of data securely once it is no longer needed, to prevent unauthorised access or disclosure.

Failure to comply with this obligation is crucial for every organisation in Singapore as this would mean the imposition of a hefty financial penalty from the PDPC.

P.S. Got questions or do you need help with your cybersecurity and data protection compliance journey? Don’t hesitate to reach out to your friendly cybersecurity and data protection experts at Privacy Ninja. We are always a text/call or email away!

📱 WhatsApp: +65 8750 4250

📧 email:

This post first appeared on Andy’s LinkedIn wall. Follow us on the following pages for more updates! Facebook | Twitter | LinkedIn | YouTube | Website



Privacy Ninja

Privacy Ninja is Singapore’s leading cybersecurity & data protection firm offering the most affordable services, like outsourced Data Protection Service & VAPT.