# PDPA — Data Protection Management Programme (Singapore) > Draft and validate the Data Protection Management Programme (DPMP) required by Singapore's Personal Data Protection Act 2012. Covers governance, data inventory, DPIA, breach management plan, and DPO appointment per PDPC guidance. Tags: Singapore, PDPA, Privacy, Data protection, DPMP ## Example Prompts - Draft our Singapore PDPA Data Protection Management Programme - Check our DPMP for all nine PDPA obligations and 3-day breach notification - Prepare DPMP documentation for PDPC alignment and DPO appointment URL: https://rakenne.app/skills/sg-pdpa-data-protection-programme/index.md Try this skill: https://rakenne.app/a/?skill=sg-pdpa-data-protection-programme ## Overview Draft and validate the Data Protection Management Programme (DPMP) required by Singapore's Personal Data Protection Act 2012. Covers governance, data inventory, DPIA, breach management plan, and DPO appointment per PDPC guidance. ## Example Conversation > **You:** We need a Data Protection Management Programme for our Singapore entity. We have a DPO, a basic data inventory, and we want to align with PDPC’s DPMP guide. Can you draft the DPMP and run the checker? > **Agent:** I’ll draft the DPMP covering the nine PDPA obligations, governance, data inventory, breach management (including 3-day PDPC notification), and DNCR where relevant. Then I’ll run `dpmp_obligation_checker` on it. > **Agent:** Created `dpmp-singapore.md` with the full structure. Running `dpmp_obligation_checker`… > **Agent:** Check **PASS** — all nine obligations are addressed, breach notification to PDPC within 3 calendar days is documented, DPO appointment is in place, and DNCR is addressed. One suggestion: add a short section on staff training records to strengthen the governance part. > **You:** Add that section and run the checker again. > **Agent:** Added the training records section and re-ran the checker. Still **PASS**. The DPMP is ready for internal review. ## What the Tools Validate **`dpmp_obligation_checker`** scans the DPMP document for: - **Nine PDPA obligations** — Consent, purpose limitation, notification, access, correction, accuracy, protection, retention, and transfer must each be clearly addressed. - **Breach notification** — The document must state that notifiable breaches are reported to PDPC within 3 calendar days. - **DPO appointment** — Data Protection Officer appointment or designation must be documented. - **DNCR** — Do Not Call Register compliance must be addressed where applicable (e.g. marketing). **Output:** PASS if all are present; otherwise FAIL with a line per missing element. Fix gaps and re-run until the check passes. ## Output Excerpt Excerpt from a generated DPMP and a sample checker report. **DPMP (excerpt):** ```markdown ## Governance - Data Protection Officer: [Name], reporting to [Legal/Compliance]. Contact: dpo@company.com. - Data protection policy approved by [Board/Management] on [date]. Staff training on PDPA conducted annually; records retained. ## Breach management - Notifiable breaches are reported to the PDPC as soon as practicable and in any event within **3 calendar days** after we have assessed that the breach is notifiable under PDPC guidance. ``` **dpmp_obligation_checker report (excerpt):** ``` === PDPA DPMP OBLIGATION CHECK === Result: PASS Document: dpmp-singapore.md PDPA obligation 'Consent' is addressed. ... Breach notification timeline (3 calendar days to PDPC) is documented. DPO appointment is documented. DNCR (Do Not Call Register) compliance is addressed where applicable. DPMP meets PDPA obligation coverage expectations. ``` ## Getting Started Add your source materials to the project workspace (e.g. existing data inventory or policy snippets), then activate the *PDPA — Data Protection Management Programme (Singapore)* skill. The agent will guide you through drafting the DPMP and running `dpmp_obligation_checker` until the check passes. --- Back to [Skill Library](https://rakenne.app/skills/index.md)