Browse Skills

PDPA — Data Protection Management Programme (Singapore)

    Singapore PDPA Privacy Data protection DPMP
    Get Started with This Skill

    Overview

    Draft and validate the Data Protection Management Programme (DPMP) required by Singapore’s Personal Data Protection Act 2012. Covers governance, data inventory, DPIA, breach management plan, and DPO appointment per PDPC guidance.

    Example Conversation

    You: We need a Data Protection Management Programme for our Singapore entity. We have a DPO, a basic data inventory, and we want to align with PDPC’s DPMP guide. Can you draft the DPMP and run the checker?

    Agent: I’ll draft the DPMP covering the nine PDPA obligations, governance, data inventory, breach management (including 3-day PDPC notification), and DNCR where relevant. Then I’ll run dpmp_obligation_checker on it.

    Agent: Created dpmp-singapore.md with the full structure. Running dpmp_obligation_checker

    Agent: Check PASS — all nine obligations are addressed, breach notification to PDPC within 3 calendar days is documented, DPO appointment is in place, and DNCR is addressed. One suggestion: add a short section on staff training records to strengthen the governance part.

    You: Add that section and run the checker again.

    Agent: Added the training records section and re-ran the checker. Still PASS. The DPMP is ready for internal review.

    What the Tools Validate

    dpmp_obligation_checker scans the DPMP document for:

    • Nine PDPA obligations — Consent, purpose limitation, notification, access, correction, accuracy, protection, retention, and transfer must each be clearly addressed.
    • Breach notification — The document must state that notifiable breaches are reported to PDPC within 3 calendar days.
    • DPO appointment — Data Protection Officer appointment or designation must be documented.
    • DNCR — Do Not Call Register compliance must be addressed where applicable (e.g. marketing).

    Output: PASS if all are present; otherwise FAIL with a line per missing element. Fix gaps and re-run until the check passes.

    Output Excerpt

    Excerpt from a generated DPMP and a sample checker report.

    DPMP (excerpt):

    ## Governance
- Data Protection Officer: [Name], reporting to [Legal/Compliance]. Contact: dpo@company.com.
- Data protection policy approved by [Board/Management] on [date]. Staff training on PDPA conducted annually; records retained.

## Breach management
- Notifiable breaches are reported to the PDPC as soon as practicable and in any event within **3 calendar days** after we have assessed that the breach is notifiable under PDPC guidance.

    dpmp_obligation_checker report (excerpt):

    === PDPA DPMP OBLIGATION CHECK ===
Result: PASS

Document: dpmp-singapore.md
PDPA obligation 'Consent' is addressed.
...
Breach notification timeline (3 calendar days to PDPC) is documented.
DPO appointment is documented.
DNCR (Do Not Call Register) compliance is addressed where applicable.
DPMP meets PDPA obligation coverage expectations.

    Getting Started

    Add your source materials to the project workspace (e.g. existing data inventory or policy snippets), then activate the PDPA — Data Protection Management Programme (Singapore) skill. The agent will guide you through drafting the DPMP and running dpmp_obligation_checker until the check passes.

    Ready to let your expertise drive the workflow?

    Stop wrestling with rigid templates and complex tooling. Write your process in markdown, let the agent handle the rest.

    Get Started