Access and Correct Personal Data
Do you have a procedure to handle people requesting access to their personal data?
Do you have a list of third party organisations you had disclosed personal data to?
Do you have a procedure to handle people requesting for correction of their personal data?
Do you have a procedure to send corrected personal data to third party organisations you had disclosed personal data to within one year of the correction?
You should ensure that people can formally request for access to, and/or correct, their personal data stored with you.
You should keep records of how personal data was used, who it was disclosed to, and for what purpose.
You should correct personal data as soon as practicable, unless an exception under the PDPA applies.
You may charge a reasonable administrative fee for such access/correction requests, provided it complies with the Regulations. Generally, you must inform the person of the fee in writing before you can charge the person.
If a correction to personal data is made, generally, you should send the corrected data to third party organisations you had disclosed the data to. This should be done within a year the correction is made, unless the organisation does not need the corrected data for business or legal purposes. You may send the corrected data only to selected organisations (unless you are a credit bureau) with the individual’s consent.
There are exceptions to a person's right to access or correct personal data under the PDPA, including section 21(3), and the Fifth and Sixth Schedules.
Sample Term in a Policy or Website
You may request for access, or make corrections, to your personal data held by us at any time. Simply email or write to us at the contact information above. We may charge a fee in relation to any request to access, or make corrections, to your personal data held by us.
Sample Access to Personal Data Form
(1) We [or insert your organisation name] will, subject to the Personal Data Protection Act 2012 ("PDPA") and relevant subsidiary legislation, comply with your personal data access request as soon as reasonably possible upon your request. Please allow us approximately [no.] working days to process your request.
(2) We will only be providing you with (i) personal data about you that is in our possession or under our control; and (ii) information about the ways in which such personal data has been or may have been used or disclosed by us within one year before the date of your request. In certain limited circumstances provided for under the PDPA and relevant subsidiary legislation, we may deny you access to your personal data. If there is any potential conflict between your personal data access request and a third party individual’s rights to privacy or confidentiality, we may be obliged to delete or redact the names or other identifying particulars from the extracted personal data.
You will be charged a fee of S$10.70 for this access request.
The following types of personal data will be generated regarding this request:
Home contact number
Mobile contact number