The Ninja Sensei’s Logbook: Got Breached in Singapore? Don’t Delay, Must Report!
Breaches happen; we get it.
Given the sophistication that bad actors employ to infiltrate an organisation’s systems and services, we understand that the probability of getting breached keeps rising over time. This is especially true when the organisation does not have a Data Protection Officer (DPO).
Why? The DPO ensures that proper security measures and data protection policies are in place to fortify your compliance walls.
But breaches can still happen, right?
When this happens to your organisation, the first thing to do is assess whether the breach of personal data is notifiable. If it is, you must inform the affected individuals that their personal data has been breached, and notify the Personal Data Protection Commission (PDPC) for further action.
When should you notify them?
If a data breach is found to be notifiable, Singapore organisations must inform:
✔️ the Commission as soon as possible, but no later than three (3) calendar days; and
✔️ affected individuals as soon as possible, either at the same time as they inform the Commission or after they inform the Commission.
Organisations are required to notify the PDPC and the affected individuals of a data breach when it happens. By not doing so, they risk violating the PDPA, which, upon discovery, could mean damage to the organisation’s credibility and a hefty financial penalty of up to S$1,000,000.
So when your organisation has a breach, never delay informing the affected individuals and the PDPC. Notifying promptly could save you time and resources that would otherwise go into battling it out with the PDPC.
P.S. For any further questions or if you need help with your cybersecurity and data protection compliance journey, don’t hesitate to reach out to us. We are always a text/call or email away!
📱 WhatsApp: +65 8750 4250
📧 Email: ninjas@privacy.com.sg