Our Blog

The PDPA and Call Recording in Singapore. What you need to know.

The PDPA and Call Recording in Singapore. What you need to know.

Singapore’s Personal Data Protection Act (PDPA) brought complex new obligations for organisations surrounding the recording of conversations with customers.

Most nations around the world now have regulations or legislation that stipulate how individuals’ personal data should be processed and stored – and which also extend to the recording of conversations, which is routine practice in many organisations, for a variety of reasons. In Singapore, the use of personal data is covered by the Personal Data Protection Act (PDPA), which took effect on 2nd January 2013 and is described as ‘robust’ by DLA Piper[1].

Recording and storing personal data

In fact, arguably, the most important component of the PDPA is the need to record and store written data, such as emails and texts, as well as voice and video call recordings that contain personal data.

It means that any organisation, such as contact and call centres, that collects personal data – or has conversations that include personal information about customers – must record these communications, securely and safely. The length of time for which these need to be stored is based on a standard of “reasonableness”, with respect to the purpose for which the data was collected.

Under the PDPA organisations must comply with the nine data protection provisions outlined in the act:

  • Consent Obligation
  • Purpose Limitation Obligation
  • Notification Obligation
  • Access and Correction Obligation
  • Accuracy Obligation
  • Protection Obligation
  • Retention Limitation Obligation
  • Transfer Limitation Obligation
  • Accountability Obligation

So, any conversation covering these aspects falls under the PDPA and must be recorded, securely stored, and be easily retrievable for compliance and audit purposes, or to prove active consent in potential disputes. These recordings must also be easy to delete, for example, at the end of a contract or agreement that contains the personal data or as part of a ‘right to be deleted’ request.

Of course, personal data provisions and call recording obligations are not just limited to Singapore. For example, Thailand and Malaysia have their own versions of the PDPA, so organisations operating in this region are likely to require compliance with several different acts if they converse with customers in different countries in the region.

PDPA compliance with Touch Call Recording

For many organisations, compliance with the act while ensuring the secure, safe recording of calls across fixed, mobile, and other channels, will likely bring considerable challenges and headache. But Touch Call Recording can relieve that burden. Touch has been helping multinational organisations to meet all their call recording and data protection obligations for decades.

Our managed call recording, storage and retrieval service requires no CAPEX investment and provides a flexible, scalable, and future-proof solution to PDPA. Our infrastructure is compliant-ready, secure, and reliable and offers easy retrieval of data and voice communications via a simple, intuitive web interface. Conversations can be easily and quickly searched and accessed by time, telephone number and name. Best of all, if covers more than 40 digital communications channels, ensuring that your organisation is covered and can meet its obligations under PDPA.

Touch offers a complete service, easy to use, and intuitive way to help your organisation comply with Singapore’s PDPA requirements. Get in touch to find out how we can help.

 

[1] https://www.dlapiperdataprotection.com

Written on 11 March 2021
touch logo

Get in touch

Photo of Kjetil Abo

If you have an enquiry or a question, send an email to Kjetil Abo, CEO Asia.

This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Linkedin
  • Twitter
  • blog