Privacy and Data Protection-related Laws
The following is summarized from this resource, a clear and thorough guide to regulation for those hoping to set up fintech startups in Singapore (as of October 24, 2016).
There are three main laws in Singapore related to data security.
Personal Data Protection Act (PDPA).
- Personal data is defined as “any data which can identify an individual, either on its own or in conjunction with any other data held or likely to be held by any organization.”
- Requirements to be PDPA-compliant are as follows:
  - Must obtain consent of individuals
  - Prepare the company’s personal data privacy policy to be made available to the public
  - Implement the personal data privacy policy
  - Appoint a data protection officer
  - Build in physical and computer safeguards against wrongful access to data
  - Control and limit access to personal data to key authorized personnel
  - Educate employees to avoid any accidental breaches
- See the above link for more details.
Anti-Money Laundering Law (AML) and Countering of Terrorism Financing (CFT)
- To comply with AML and CFT regulations, fintech companies are required to:
  - Collect the right data to identify, know and verify their customers (KYC)
  - Conduct regular account reviews
  - Monitor and report any suspicious transaction.
- See the above link for more details.