Singapore increases data breach penalty to 10% of turnover, from 1 October

Non-compliance with Singapore's Personal Data Protection Act can now attract a higher penalty of up to 10 per cent of local annual turnover for organisations whose turnover exceeds S$10 million. 

This change, which was passed in November 2020, will take effect on 1 October this year. 

"Organisations must continue to take ownership and be held accountable, especially those that hold sizeable volumes of data," Singapore's Minister of Communications and Information said.

Among the slew of changes to Singapore's data protection law that took effect in February last year, it is now mandatory to report to the commission within 3 calendar days from discovering a notifiable breach. 

A notifiable breach is one that affects more than 500 individuals or poses a significant impact of harm to any 1 individual.