Singapore has long been a regional banking and trading hub, but in recent years, as multinational companies in other sectors have moved their regional headquarters to Singapore, it is also emerging as a regional data hub. This shift has implications for companies involved in US compliance and investigation activities in the Asia-Pacific region. US authorities require and expect that legal and compliance personnel will use data to support their work in these areas.
In this advisory, we discuss Singapore’s data protection policies, including data localization. We will also focus on the impact of the recent amendments to Singapore’s main data protection legislation, the Personal Data Protection Act (PDPA), which took effect on February 1, 2021, including the new “legitimate interests” exception, for companies conducting data driven compliance reviews and investigations involving Singapore-based data.