Cookie consent in Singapore

Consent and privacy law in Singapore

In short

Singapore's PDPA, enforced by the PDPC, takes a pragmatic consent and accountability approach. The 2020 amendments introduced deemed consent by notification and legitimate interests as additional bases, so businesses are not always reliant on express opt-in. A distinctive feature is the mandatory Do Not Call registry for telemarketing, and a data breach notification regime that triggers above defined thresholds. Penalties rose with the amendments to up to 1 million Singapore dollars or 10 percent of annual turnover in Singapore. Consent withdrawal must be honoured. While there is no specific cookie law, cookies that identify individuals are personal data and need a lawful basis and clear notice.

Status

Personal Data Protection Act since 2012, with major amendments in force from 2021

Primary law

PDPA

Languages

en

Who must comply

Organizations collecting, using or disclosing personal data of individuals in Singapore.

Penalties

Up to 1 million Singapore dollars or 10 percent of annual turnover in Singapore

Key obligations

  • Notify purposes and obtain consent
  • Allow withdrawal of consent
  • Provide access and correction
  • Appoint a data protection officer
  • Protect and retain data appropriately

Local guidance

  • Use deemed consent or legitimate interests where appropriate
  • Check the Do Not Call registry before telemarketing
  • Comply with the data breach notification regime
  • Honour consent withdrawal requests

How ConsentX helps

  • Notification-first consent banner
  • Withdrawal controls
  • Access and correction intake
  • Configurable retention

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with Singapore's PDPA using ConsentX

  1. Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Singapore's PDPA.

  2. Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor's region and automatically shows the consent experience that Singapore requires.

  3. Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a Singapore audit.

  5. Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Does Singapore require express consent for everything?

No. The PDPA recognises deemed consent by notification and a legitimate interests basis after the 2020 amendments, so businesses do not always need express opt-in, though notice and accountability still apply.

What is Singapore's Do Not Call registry?

It is a national registry that lets individuals opt out of telemarketing. Organisations must check the registry before sending marketing messages to Singapore numbers.