Last review date: 15 January 2025

The PDPA has territorial and extraterritorial applicability and applies to any organization that collects, uses and discloses personal data in Singapore. The term "organization" covers natural persons, corporate bodies (such as companies), and unincorporated bodies of persons (such as associations), regardless of whether they are formed or recognized under the law of Singapore or whether they are residents or have an office or place of business in Singapore.

However, note that in one case, the PDPC expressed a view on the territorial scope of the PDPA. In that case, the PDPC found that the PDPA did not apply to certain entities located in the United States because these entities did not carry out any activities in relation to the collection, use or disclosure of the affected individual's personal data in Singapore. These entities only received personal data transferred from another entity located in Singapore and processed Singapore individuals' personal data in the United States for their own purposes.