23 July 2019

On 15 July 2019, the Personal Data Protection Commission (“PDPC”) issued its Guide to Accountability (“Guide”) that explains the principle of accountability in the context of personal data protection and how the PDPC has implemented this in Singapore. The Guide also sets out recommendations on how organisations can implement accountability-based measures. The Guide is part of a series of efforts by the PDPC to shift the emphasis in personal data protection from compliance to accountability. Please see our earlier legal update on other initiatives from the PDPC.

Accountability under the Personal Data Protection Act 2012 (“PDPA”) requires organisations to undertake measures to ensure and demonstrate compliance with the PDPA. For instance, the organisation is required to designate a data protection officer, who will be responsible for ensuring the organisation’s compliance with the PDPA. Ideally, the data protection officer should be part of senior management of the organisation.  In addition, the organisation is required to develop and implement internal and external policies for data protection.

Apart from the mandatory accountability requirements under the PDPA, organisations should also consider implementing further accountability measures set out in the Guide. These measures are categorised under Policy, People and Process.

  • Policy. Embed personal data protection into corporate governance through the involvement of senior management, and develop and communicate personal data protection policies clearly to both internal and external stakeholders.
  • People. Inculcate responsible personal data protection values in every employee, and ensure each employee is aware of and adheres to its data protection policies and processes; staff should receive in-depth training customised to their areas of responsibility.
  • Processes. Institute proper processes to operationalise data protection policies throughout the data lifecycle and across business processes, systems, products or services. These processes should be reviewed regularly to meet the organisation’s business needs and should be up-to-date with regulatory and technological developments.

The Guide is available here.

If you have any questions on the above, please contact Heng Jun Meng or the ZICO Insights Law LLC partner you usually deal with.


On 1 December 2022, KPMG and ZICO Law entered into an agreement under which a number of law firms and teams from the ZICO Law network have joined the KPMG network of firms.

The deal will see more than 275 lawyers join over 2,900 legal professionals in the KPMG global organization, creating a significant legal footprint across Asia. It will offer legal services and solutions, a globally connected legal services platform, and specialists who work with leading technology providers to modernize legal functions across organizations. The strategic combination increases the total number of legal professionals in the KPMG network to over 3,750 across 84 jurisdictions. You may read the press release here.

For more information and to see how we can assist you in your desired jurisdiction, please follow the links below: