The Ninja Sensei’s Logbook: Migrating to another platform? Don’t lose track of your legacy database!

Privacy Ninja
2 min readMar 23, 2023

Migrating to a new and bigger platform may spell exciting things for your business, but in doing it, make sure you don’t abandon the old one right away. They are covered by the PDPA too!

Your organisation is still liable for the maintenance of the legacy database. Ensuring that they are not vulnerable to any exploitation is also expected, as when they are breached, there is no change in your liability with the PDPC.

In the case of Eatigo International, the organisation was made to pay a whopping financial penalty of S$62,400 for its failure to protect its legacy database and ensure that the personal data it handles is safe and free from vulnerabilities.

What can we get from this case?

✅ The maintenance of an accurate and up-to-date personal data asset inventory is a prerequisite for complying with the Protection Obligation

✅ There’s no difference as to the liability of a breach of a functional database from a legacy one.

✅ The safest way to avoid a data breach in a legacy database is to remove all the personal data housed in the legacy database.

Remember, a breach of personal data, regardless of the type of database it is housed, is still a breach and is answerable to the PDPC. This is why every organisation in Singapore should see to it that they have an up-to-date personal data asset inventory to track every personal data that is under the Organisation’s management.

P.S. Got questions or do you need help with your cybersecurity and data protection compliance journey? Don’t hesitate to reach out to your friendly cybersecurity and data protection experts at Privacy Ninja. We are always a text/call or email away!

📱 WhatsApp: +65 8750 4250

📧 email:

This post first appeared on Andy’s LinkedIn wall. Follow us on the following pages for more updates! Facebook | Twitter | LinkedIn | YouTube | Website



Privacy Ninja

Privacy Ninja is Singapore’s leading cybersecurity & data protection firm offering the most affordable services, like outsourced Data Protection Service & VAPT.