Statute Details
- Title: Personal Data Protection (Composition of Offences) Regulations 2021
- Act Code: PDPA2012-S70-2021
- Type: Subsidiary Legislation (SL)
- Authorising Act: Personal Data Protection Act 2012 (PDPA 2012), specifically section 55(4)
- Enacting Authority: Personal Data Protection Commission (PDPC), with approval of the Minister for Communications and Information
- Commencement: 1 February 2021
- Legislation Number: S 70/2021
- Status: Current version as at 27 March 2026 (per provided extract)
- Key Provisions (from extract): Sections 1 to 4 (citation/commencement; compoundable offences under PDPA s 55(1) and s 55(2); revocation)
- Revoked Instrument: Personal Data Protection (Composition of Offences) Regulations 2013 (G.N. No. S 759/2013)
What Is This Legislation About?
The Personal Data Protection (Composition of Offences) Regulations 2021 (“Composition Regulations”) is a Singapore subsidiary law that sets out which specific offences under the Personal Data Protection Act 2012 (“PDPA”) can be “compounded” by the Personal Data Protection Commission (“PDPC”). In practical terms, compounding is an administrative mechanism that allows certain alleged offences to be resolved without going through a full criminal prosecution, subject to conditions and payment of a composition sum.
The PDPA is Singapore’s main data protection statute. It regulates how organisations collect, use, disclose, and care for personal data, and it imposes compliance obligations backed by criminal offences for certain breaches. However, not every breach is necessarily intended to be handled through court proceedings. The PDPA therefore provides a framework for compounding selected offences, and the Composition Regulations identify the offences that fall within that framework.
In plain language, this legislation helps PDPC manage enforcement efficiently. It provides a clear list of PDPA offences that are eligible for compounding, thereby giving organisations a predictable pathway to resolve matters—often faster and with less litigation risk—while still reinforcing accountability for non-compliance.
What Are the Key Provisions?
Section 1: Citation and commencement establishes the formal identity of the Regulations and when they take effect. The Composition Regulations are cited as “Personal Data Protection (Composition of Offences) Regulations 2021” and come into operation on 1 February 2021. This commencement date matters because the Regulations also refer to offences “as in force immediately before 1 February 2021” (see section 3(b)), meaning the legal landscape at that time is relevant to determining which offences are compoundable.
Section 2: Offences compoundable under section 55(1) of the PDPA is the first substantive provision. It states that any offence under section 51(1) or section 61(2) of the PDPA may be compounded by the PDPC in accordance with section 55(1) of the PDPA. While the extract does not reproduce the content of PDPA sections 51(1) and 61(2), the legal effect of section 2 is clear: if PDPC alleges an offence falling within those provisions, the matter is within the compounding regime.
Section 3: Offences compoundable under section 55(2) of the PDPA sets out a second category of compoundable offences. It provides that the following offences may be compounded in accordance with section 55(2) of the PDPA:
(a) any offence under section 42(2) of the PDPA;
(b) any offence under sections 43(2), 44(2) or 45(2) of the PDPA as in force immediately before 1 February 2021.
This structure is important for practitioners. Section 3(a) is straightforward: offences under PDPA section 42(2) are compoundable. Section 3(b) is more nuanced because it “freezes” the relevant version of PDPA sections 43(2), 44(2), and 45(2) to the law as it stood immediately before 1 February 2021. That drafting technique typically signals that the PDPA provisions were amended around that date, and the compounding eligibility is tied to the pre-amendment wording for those particular offences.
Section 4: Revocation provides that the earlier Personal Data Protection (Composition of Offences) Regulations 2013 (G.N. No. S 759/2013) are revoked. Revocation ensures there is one coherent and up-to-date list of compoundable offences. For lawyers advising on enforcement matters, revocation also affects which instrument governs the compounding regime for alleged conduct occurring after the commencement date, and it may affect transitional questions for conduct spanning the changeover.
How Is This Legislation Structured?
The Composition Regulations are short and tightly focused. They consist of four sections:
Section 1 covers citation and commencement (1 February 2021).
Sections 2 and 3 identify the offences that may be compounded, but they do so by reference to two different compounding pathways in the PDPA: offences compoundable under section 55(1) (section 2 of the Regulations) and offences compoundable under section 55(2) (section 3 of the Regulations).
Section 4 revokes the earlier 2013 compounding regulations.
From a practitioner’s perspective, the Regulations function as a “mapping” instrument: they connect specific PDPA offence provisions to the PDPA’s compounding powers. The Regulations do not themselves set out the mechanics of compounding (such as the composition sum or procedural steps); those are governed by the PDPA, with the Regulations determining which offences are eligible.
Who Does This Legislation Apply To?
The Composition Regulations apply to organisations (and, depending on how the PDPA offence provisions are framed, potentially individuals acting in an organisational context) that may be alleged to have committed specified offences under the PDPA. The compounding mechanism is relevant when PDPC considers that an alleged breach amounts to a criminal offence under the PDPA and falls within the list of offences that can be compounded.
In practice, the Regulations are most relevant to organisations facing PDPC enforcement action, including those involved in investigations or compliance reviews. They are also relevant to legal counsel advising on risk management and settlement strategy, because compounding can be a pragmatic alternative to prosecution where eligible offences are identified.
Why Is This Legislation Important?
This legislation is important because it directly affects enforcement outcomes for certain PDPA offences. By specifying which offences may be compounded, the Regulations provide a structured route for resolving matters without court proceedings. For regulated entities, this can reduce uncertainty, shorten resolution timelines, and limit the costs and reputational exposure associated with litigation.
For lawyers, the Regulations are also significant because they interact with the PDPA’s offence framework and its compounding provisions. The Regulations’ references to PDPA sections 51(1), 61(2), 42(2), and (pre-1 February 2021) sections 43(2), 44(2), and 45(2) mean that counsel must carefully analyse:
- Which PDPA offence provision is alleged (and whether it matches the listed compoundable offences);
- When the alleged conduct occurred, especially for the “as in force immediately before 1 February 2021” wording in section 3(b); and
- Whether the compounding pathway under PDPA section 55(1) or section 55(2) is engaged.
Finally, the revocation of the 2013 Regulations signals a legislative update and consolidation. This matters for matters involving older conduct or for organisations that have historical compliance issues. Counsel should ensure they use the correct version of the compounding regulations based on the relevant time period and the applicable PDPA offence wording.
Related Legislation
- Personal Data Protection Act 2012 (PDPA 2012) — particularly section 55 (composition of offences) and the offence provisions referenced in the Regulations (sections 42, 43, 44, 45, 51, and 61).
- Personal Data Protection (Composition of Offences) Regulations 2013 (G.N. No. S 759/2013) — revoked by section 4 of the 2021 Regulations.
Source Documents
This article provides an overview of the Personal Data Protection (Composition of Offences) Regulations 2021 for legal research and educational purposes. It does not constitute legal advice. Readers should consult the official text for authoritative provisions.