Overview On The Appointment Of Personal Data Protection Officer Under The Personal Data Protection Act 2010

Introduction

Section 12A of the Personal Data Protection Act 2010¹ [Act 709] ("PDPA"), which will come into effect on 1 June 2025 requires data controller and data processor to appoint one or more data protection officers ("DPO") who shall be accountable to the data controller and the data processor for the compliance with the PDPA.

Pursuant to the above and Section 48(g) of the PDPA, the Personal Data Protection Commissioner ("Commissioner") has recently issued:

(a) Circular of Personal Data Protection Commissioner No. 1/2025 (Appointment of Data Protection Officer) ("Circular No. 1/2025"); and

(b) Personal Data Protection Guideline: Appointment of Data Protection Officer Version 1.0 ("DPO Guideline").

Circular No. 1/2025 (which will come into effect on 1 June 2025) and the DPO Guideline serves as a valuable reference to help data controller and data processor in adhering to their obligations in respect of the appointment of DPO.

Key Information under the Circular No. 1/2025 and the DPO Guideline

We highlight below some of the key information under the Circular No. 1/2025 and the DPO Guideline:

Conclusion

In conclusion, data controllers and data processors that have satisfied the conditions for the appointment of the DPO are required to appoint DPO and to comply with all the requirements in respect of such appointments as required under Circular No. 1/2025 and DPO Guideline. Further, it is important for such data controllers and data processors to be proactive in reviewing and updating their existing data protection policies, procedures and notices to reflect the above requirements and to strictly adhere to the same to ensure compliance with the PDPA.

Footnotes

1. Incorporated into the PDPA pursuant to the Personal Data Protection (Amendment) Act 2024.

2. Paragraph 4(1) of Circular No. 1/2025 and Paragraph 4.2 of DPO Guideline.

3. Paragraph 4.3 of DPO Guideline.

4. Paragraph 4(3) of Circular No. 1/2025 and Paragraph 6.3 of DPO Guideline.

5. Paragraph 4(3) of Circular No. 1/2025 and Paragraph 6.9 of DPO Guideline

6. Paragraph 4(6) of Circular No. 1/2025 and Paragraph 6.5 of DPO Guideline.

7. Paragraph 6.6 of DPO Guideline.

8. Paragraph 4(5) of Circular No. 1/2025 and Paragraph 5.5 of DPO Guideline.

9. Paragraph 4(4) of Circular No. 1/2025 and Paragraph 6.10 of DPO Guideline.

10. Paragraphs 8(1) and (2) of Circular No. 1/2025 and Paragraphs 7.1 and 7.2 of DPO Guideline.

11. Paragraph 8(3) of Circular No. 1/2025 and Paragraph 7.4 of DPO Guideline.

12. Paragraph 5(1) of Circular No. 1/2025 and Paragraphs 8 to 10 of DPO Guideline.

13. Paragraphs 6(1) to 6(9) of Circular No. 1/2025 and Paragraphs 11, 13 to 16 of DPO Guideline.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.