There's a regulation that could cost your business $1,000,000. And right now, you probably don't know where you stand.

Singapore's Personal Data Protection Act has 9 obligations. Most businesses only know about 1 or 2. The other 7 are where the exposure hides.

Find Out Where You Stand โ†’

Free ยท 15 minutes ยท No signup required

๐Ÿ“‹ Covers all 9 PDPA obligations ๐Ÿ“‘ Based on 47+ PDPC enforcement decisions โšก Results in days, not months
Enforcement

PDPC is actively enforcing. These are real penalties.

The Personal Data Protection Commission publishes every enforcement decision. Here are just a few.

$750,000
SingHealth
Insufficient security measures led to a breach affecting 1.5 million patients' personal data, including the Prime Minister's.
PDPC Decision, 2019
$120,000
Genki Sushi
Customer personal data exposed through an unsecured database. Insufficient compliance with the Protection obligation.
PDPC Decision, 2023
$10,000
Small Businesses
PDPC regularly penalises companies with fewer than 50 employees. "We didn't know" is not a defence. Size does not exempt you.
Multiple PDPC Decisions

You're running a business. You have payroll to make, clients to serve, and a hundred things that feel more urgent than compliance paperwork.

We understand. Nobody starts a company because they're excited about data protection policies.

But here's the reality: PDPA doesn't care how busy you are. And when PDPC comes knocking, "I didn't know" isn't a defence.

That's why we made this as simple as we could. One assessment. One clear score. And if you need help fixing it, we'll do it in days, not months.

Is This You?

If you collect personal data, PDPA applies to you

Names, phone numbers, NRICs, addresses, medical records. If it identifies a person and you have it, you're responsible for it.

Clinics & Healthcare
Patient records, appointment histories, medical data. Healthcare faces the strictest scrutiny because the data is sensitive by nature.
Property & Insurance Agents
Buyer NRICs, financial documents, transaction records. You handle high-value personal data on your phone every day.
Tuition & Enrichment
Children's personal data is the highest-risk category under PDPA. Parental consent requirements are stricter and penalties heavier.

Also applies to: F&B, retail, professional services, e-commerce, logistics, HR, and any business with a customer list or employee records.

How It Works

Three steps to full compliance

No jargon. No month-long engagements. Just clarity and results.

01

Assess

Take our free 15-minute assessment covering all 9 PDPA obligations. Get your compliance score instantly. See exactly where the gaps are.

02

Understand

Download a detailed PDF report with your gap analysis, priority actions, and what each gap means in plain English. Share it with your team.

03

Fix

We close every gap: policies, processes, documentation, staff training. Or we guide you to do it yourself. Your choice. Your pace.

Services

Choose the level of support you need

Everyone deserves protection. The only difference is how much we do for you.

Free
For the curious
$0
Always free, no strings
  • Full PDPA gap assessment
  • Compliance score (0โ€“100)
  • PDF report with recommendations
  • Breach response checklist
Start Assessment
Guided
For the hands-on
$1,500 โ€“ $3,000
One-time ยท Based on company size
  • Everything in Free
  • Half-day guided workshop
  • Policy document templates
  • Data protection notices
  • Implementation roadmap
Get in Touch
Full Service
For the busy
$5,000 โ€“ $15,000
One-time ยท 3-day engagement ยท Guaranteed
  • Everything in Guided
  • Complete policy suite built for you
  • Staff awareness training
  • Data breach response plan
  • DPO registration assistance
  • Money-back guarantee
Get in Touch
Ongoing DPO
For peace of mind
$1,500/month
We become your named Data Protection Officer
  • Named DPO registered with PDPC
  • Onboarding compliance review
  • Continuous compliance monitoring
  • Data subject request handling
  • Breach notification management
  • Quarterly reviews
  • Incident response on call
  • Annual re-assessment

Need to get compliant first? Pair with our Guided or Full Service engagement.

Get in Touch

Compared to traditional consultancies

Timeline 6โ€“8 weeks 3 days
Investment $30,000 โ€“ $50,000 $5,000 โ€“ $15,000
Guarantee None Full compliance or refund
Ongoing support Billable hours Fixed monthly retainer

Our Guarantee

If you engage our Full Service and your re-assessment doesn't show full compliance with all 9 PDPA obligations within 30 days, we refund you completely.

We can offer this because we know exactly what PDPC requires and we've built our entire practice around delivering it. The risk sits with us, not with you.

Applies to Full Service engagements. Requires implementation of our recommendations within the engagement period.

About

We protect businesses. That's what we do.

Why Komplyze exists

Every business in Singapore that handles personal data has a legal obligation to protect it. Most don't. Not because they don't care, but because nobody showed them how.

We believe that if you know businesses are exposed and you can fix it, you have an obligation to reach them. Not selling is not modesty. It's leaving people unprotected.

Komplyze is a compliance practice under Lucky Shovel, a Singapore technology company. What used to take consultancies weeks, we deliver in days. What you experience is a thorough, professional engagement backed by someone who puts their name on the line.

We're not in the compliance business. We're in the business of protecting people. Every business owner who gets fined because we didn't reach them. That's on us.
The principle behind everything we do
Common Questions

You're probably wondering

If your business collects, uses, or stores any personal data (names, phone numbers, emails, NRIC, addresses), then yes. PDPA applies to all private-sector organisations in Singapore, regardless of size. A 2-person company is held to the same standard as a multinational.
PDPC investigates and fines businesses of all sizes. SMEs and sole proprietors have been penalised. The financial penalty is one thing, but enforcement also comes with mandatory remediation orders and public disclosure. The reputational cost often exceeds the fine itself.
A privacy policy covers the Notification obligation. That's 1 of 9. You also need proper consent mechanisms, data access and correction procedures, retention limits and deletion policies, breach notification procedures, transfer safeguards, and more. In our experience, most businesses only address 1โ€“2 obligations and don't know about the other 7.
Every organisation under PDPA must designate a Data Protection Officer and register them with PDPC. With our Ongoing DPO service, we serve as your registered DPO, meaning we're personally accountable for your ongoing compliance, not just advising from the sidelines.
Three business days. Day 1: discovery and assessment. Day 2: policy and document generation. Day 3: presentation, staff training, and handover. By the end of day 3, you'll have everything you need to be fully compliant.
Please do. The assessment and PDF report are yours. No strings, no aggressive follow-up. If your score is good and you can handle the gaps yourself, we're genuinely happy for you. We'd rather you know where you stand than not.
We use proprietary systems to do the heavy lifting: policy generation, gap analysis, document creation. This lets us deliver the same quality of output in days instead of weeks. We pass that efficiency on to you. The outcome is identical. The process is simply faster.

You handle personal data every day.
Let's make sure you're protected.

Take the free assessment. 15 minutes. No signup. You'll know exactly where you stand, and what to do about it.

Take the Free Assessment โ†’

PDPC published 28 enforcement decisions in 2024 alone. The pace is accelerating.

Prefer to talk first? WhatsApp us ยท hello@komplyze.com