PDPA
Personal Data Protection Act
Singapore / Thailand
In force
Asia & Africa
Who must comply
Organizations collecting, using or disclosing personal data of individuals in the relevant jurisdiction.
Penalties
Varies by jurisdiction, up to significant percentage-of-turnover or fixed-sum fines.
Key obligations
- Notify purposes and obtain consent
- Allow withdrawal of consent
- Provide access and correction
- Appoint a data protection officer
- Protect and retain data appropriately
How ConsentX helps
Notification-first consent banner
Withdrawal controls
Access and correction intake
Configurable retention
Get PDPA ready with ConsentX
This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.
How to comply with PDPA using ConsentX
- 1
Scan your website
Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under PDPA.
- 2
Show a geo-aware consent banner
Add the ConsentX banner. It detects each visitor region and shows the consent experience that PDPA requires, automatically.
- 3
Block trackers until consent
Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.
- 4
Record tamper-evident proof
Every choice is stored as a tamper-evident consent receipt you can produce in a PDPA audit.
- 5
Handle data requests on time
Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.
Frequently asked questions
Does PDPA require consent before collecting data?+
Yes. You must notify the purpose and obtain consent before collecting or using personal data, and allow withdrawal.