Is a DPO Required for Your Organisation?
Pursuant to Section 12A (1) of the Personal Data Protection (Amendment) Act 2024:
“A data controller shall appoint one or more data protection officers who shall be accountable to the data controller for the compliance with this Act.”
Under the Data Protection Officer Appointment Guidelines, effective 01 June 2025, the appointment of a DPO is mandatory if the processing of data involves:
- personal data of more than 20,000 data subjects;
- sensitive personal data including financial information of more than 10,000 data subjects; or
- activities that require regular and systematic monitoring.
Responsibilities of Data Protection Officer
A Data Protection Officer is responsible to:
- inform and advise the data controller or data processor, and their employees, on the processing of personal data in compliance with the PDPA;
- provide support services in the application of personal data regulations;
- monitor compliance with the provisions of the PDPA with the implementation of policies relating to the protection of personal data developed by data controllers and data processors, including assigning responsibilities under such policies, raising awareness, training employees and conducting audits;
- support and advise on the implementation of Data Protection Impact Assessments in accordance with the requirements as may be determined by the Commissioner from time to time and monitor its compliance;
- act as the primary liaison officer with the Commissioner in matters relating to compliance with the PDPA and data subjects on all issues relating to the processing of personal data and the rights of data subjects;
- ensure that data controllers or data processors properly manage data breaches and security incidents, including the preparation, processing and submission of reports and other documentation required by the Commissioner in relation to personal data breaches within the prescribed period.
Need Assistance?
Organisations may outsource Data Protection Officer (DPO) functions to meet their legal and operational obligations under the PDPA.
For further information, feel free to reach out via email or WhatsApp.