“The Transfer Limitation Obligation” Singapore PDPA Preventive measure 9 Obligations to follow PDPA (No.8)
There would be situations whereby personal data or confidential information has to be transferred over to their parent companies, which are often located overseas. These information would usually be sent over physically or via their common systems or servers.
How would this obligation then affect organizations?
What is Transfer Limitation Obligation?
Under Section 26 of the PDPA, it is stated that an organisation must not transfer personal data to a country or territory outside Singapore except in accordance with the requirements prescribed under the PDPA.
A “transfer” under the PDPA refers to the transfer of Personal Data outside of Singapore, regardless of whether the Personal Data is transferred physically or electronic means.
How to ensure compliance with the Transfer Limitation Obligation?
The conditions of the transfers should be placed in writing or a contract, complying with the conditions under PDPA.
Steps that should be taken includes:
- Ensuring compliance with the Data Protection Provisions.
- Ensuring that consent has been given by the individuals and they are well-informed of how their personal data would be protected during the transfer process.
- Ensuring that personal data will not be used or divulged by the recipient for other intents.
Thank you for reading. If you do have further Inquiries about this obligation, feel free to contact MAMORU Singapore.