DPOs and Notification Requirements
Jump to
DPOs and Notification Requirements Start Comparison
Is the concept of data protection officer (DPO) recognized in the jurisdiction?

Last review date: 15 January 2025

Yes.

Are there circumstances in which it is mandatory to appoint a DPO or similar position?

Last review date: 15 January 2025

Yes.

If yes, under what circumstances?

☒  other

Each organization subject to the PDPA is legally required to appoint one or more individuals to be responsible for ensuring that an organization complies with the PDPA, commonly known as a DPO.

Where a DPO is appointed, does the DPO have to meet specific requirements?

Last review date: 15 January 2025

Yes.

If yes, what are these requirements?

☒  other

While specific requirements are not statutorily prescribed for under the PDPA, the PDPC's Advisory Guidelines state that organizations should ensure that individuals appointed as DPOs are trained and certified. A DPO should be sufficiently skilled and knowledgeable, adequately empowered to discharge their duties as a DPO, and ideally should be a member of the organization's senior management team or have a direct reporting line to the organization's senior management team.

Are there obligations to notify, submit filings to, register with or obtain approval from local data protection authorities to collect and/or process personal data generally?

Last review date: 15 January 2025

No.