Importance of PDPA Compliance in Singapore for Preparing XBRL Reports

With the rapid growth of digital platforms, pretty much anything and everything can be done online today, forcing the disclosure of personal information to companies and organisations. As a result, companies that collect personal data are at an increased risk of cyber-attacks and identity thefts. Since filing annual XBRL reports with ACRA require the disclosure of massive personal information, companies can be exposed to data misuse during financial reporting.

To tackle these issues, the parliament of Singapore enacted the Personal Data Protection Act in 2012 to ensure a strong privacy protection regime in the country. By managing the flow of personal data between organisations, PDPA’s objective is to strengthen Singapore’s position as a trusted business hub. Continue reading the blog to learn more about the importance of PDPA Singapore compliance in XBRL preparation and how companies can achieve the same.

What is PDPA Singapore?

Personal Data Protection Act or PDPA is a data protection law in Singapore governing the processing and managing of personal data. Passed in October 2012, the act respects individuals’ rights to their data. After a comprehensive review, the parliament passed a PDPA Amendment Act on November 2020, which came into effect on 1 February 2021. Any company that handles personal data has to comply with the PDPA regulations, with no exceptions for start-ups or SMEs.


PDPA Compliance and XBRL Reporting

With the use of digital formats for financial reporting, individuals are inevitably concerned about how companies use their data. However, with PDPA in place, companies in Singapore now have to follow clearer guidelines for reviewing their current data processes and handling data. PDPA offers several rights to individuals concerning the processing of their data. These rights include:-

  • Right of access to data
  • Right to rectification of errors
  • Right to deletion
  • Right to object to processing
  • Right to restrict processing
  • Right to data portability
  • Right to withdraw consent
  • Right to object to marketing
  • Right to complain to data protection authorities
  • Right protecting against solely automated decision-making and profiling

By establishing the rights mentioned above, PDPA has been a huge step toward protecting data in XBRL reporting.

How to Ensure PDPA Compliance?

As per the act, every company must appoint at least one Data Protection Officer (DPO). The data protection officer is responsible for regulating the collection, use, and disclosure of personal data by organisations. Other responsibilities of a DPO include:-

  • Fostering a data protection culture among employees in an organisation.
  • Managing queries and complaints related to data protection.
  • Liaising with Personal Data Protection Commission (PDPC) on data protection issues.
  • Alerting management of any personal data risks.

Companies are not required by law to submit DPO details with the PDPC. However, Singapore companies are encouraged to submit DPO details through ACRA’s BizFile+.

Outsource Your XBRL Requirements to DataTracks!

Data security and privacy are the two critical matters in this digital age. If you want to outsource your XBRL requirements to a third-party vendor, make sure the company has a stringent privacy policy. Enter DataTracks…

With 17+ years of experience preparing compliant reports, DataTracks can be your ideal partner for XBRL reporting. Moreover, the company continually reviews its information handling practices to ensure compliance with Singapore’s Personal Data Protection Act. So what are you waiting for? Get in touch with a DataTracks expert @ +65-31-582-850 or email

Schedule A Demo

Schedule A Demo