Data Protection & Cybersecurity

Data fuels artificial intelligence and drives innovation, technological transformation and the digital economy. The rapid increase in the value of data has been matched by the alarming frequency of data breaches and scams, cybersecurity incidents, and the resultant increase in regulatory and contractual safeguards. Having in place robust data management systems and practices is necessary to enable businesses to unlock the value of data responsibly and securely, while ensuring adequate protection for the data of individuals and corporate customers.

Our Data Protection & Cybersecurity team comprises lawyers who are Certified Information Privacy Professionals (Asia & Europe) with wide experience in:

  • advising data owners, organisations, intermediaries and users on data protection management, policies and contracts 
     

  • responding to data breaches 
     

  • advising critical information infrastructure owners on their regulatory and compliance obligations under cybersecurity laws

We provide legal support in the following areas: 

Establish Robust Compliance Frameworks

  • Audits & Gap Analyses: Conduct thorough reviews of your data-handling practices against PDPA requirements to identify compliance gaps and recommend remediation steps
     

  • Policy Development & Implementation: Draft and guide your implementation of essential documents, including external-facing privacy policies, internal data protection and security policies, standard operating procedures, employee guidelines, and consent forms
     

  • Data Protection Officer (DPO) Support: Advise and support your designated DPO in fulfilling their statutory obligations under the PDPA
     

  • Customised Training Programs: Develop and deliver tailored training for your employees on data protection principles, policies, and procedures
     

  • Data Inventory & Mapping: Guide you in mapping data flows within your organisation to understand how personal data is collected, used, stored, and disclosed
     

Integrate Data Protection & Cybersecurity into Operations

  • Data Processing & Sharing Agreements: Draft and negotiate agreements with vendors, partners, and other third parties to ensure compliant data processing and sharing arrangements and to build in adequate security guardrails
     

  • Cross-Border Data Transfers: Advise on requirements for legally transferring personal data out of or into Singapore, ensuring compliance with cross-border transfer obligations
     

  • Transactional Due Diligence: Conduct data protection due diligence in mergers, acquisitions, and other corporate transactions to identify potential liabilities and integration challenges
     

  • Privacy-by-Design: Advise on incorporating data protection considerations into the design of new products, services, and technologies (including AI, IoT, Big Data analytics)
     

  • Data Protection Impact Assessments (DPIAs): Guide you in conducting DPIAs for high-risk processing activities to identify and mitigate potential privacy impacts
     

Manage Incidents & Regulatory Action

  • Breach Response: Develop data breach and security incident response plans and provide urgent support during actual incidents, including investigation, containment, risk assessment, and remediation
     

  • Breach Reporting: Advise on and assist with notifying the Personal Data Protection Commission (PDPC) and affected individuals following a data breach, and the Cyber Security Agency (CSA) following security incidents
     

  • Regulatory Investigations & Enforcement: Represent and advise you in investigations, queries, and enforcement actions by the PDPC and CSA
     

  • Data Subject Rights Management: Develop processes for handling requests and complaints from individuals, such as access requests and withdrawals of consent
     

Our experience in this area includes: 

  • Conducted a comprehensive PDPA compliance audit for a multinational e-commerce platform, identifying gaps and developing remediation plans and procedures
     

  • Supported a global hospitality group in a data protection compliance project by developing an internal data management framework and policies, advising on intra-group data transfers, and drafting and reviewing contracts
     

  • Advised a charitable association on compliance with the PDPA in relation to their operations, including their interactions with customers, students, volunteers, donors, beneficiaries, employees and service providers. We prepared their data protection policies and reviewed relevant forms and contracts for PDPA compliance
     

  • Drafted website privacy policies and terms of use for government and public agencies, technology service providers, and e-commerce platforms
     

  • Managed a client’s response to a data breach incident in several countries, making mandatory breach notifications, advising the client on its interactions with the authorities and affected individuals to secure a favourable outcome, and supporting the client with remedial actions
     

  • Developed and delivered bespoke PDPA and confidentiality training programs for management and operational staff across various industries
     

  • Drafted and negotiated agreements on behalf of critical information infrastructure (CII) owners, taking into account their compliance obligations under the Cybersecurity Act and other laws

Key Contacts:

Anna Toh

Director

anna.toh@amicalaw.com

+65 6303 6234

Geraldine Tan

Director

geraldine.tan@amicalaw.com

+65 6303 6231

Wilson Wong

Director

wilson.wong@amicalaw.com

+65 6303 6213
