Singapore: Requirement to register Data Protection Officer with ACRA
According to the Personal Data Protection Act, every organization must appoint at least one person as a Data Protection Officer (DPO) to manage data protection duties and guarantee PDPA compliance.
A DPO must possess the necessary skills and knowledge to guarantee that the organization complies with the PDPA. This officer does not have to be employee of the organization, however, he/she should be reachable at all times. Depending on the company, a DPO may be a person whose scope of work solely relates to data protection or who has numerous roles in addition to being primarily responsible for data protection.
In terms of the required steps, the board must pass a resolution on the appointment of a DPO and the company must register details of DPO with ACRA.
Please note that there is no time limit for registering a DPO. Moreover, the registration of the DPO data with ACRA is not obligatory but it is highly recommended.
For more information read Raymond Ching’s article ‘What you need to know about appointing a Data Protection Officer in Singapore’ here.