IHiS / SingHealth
Singapore's largest healthcare data breach — 1.5 million patient records. Investigators found inadequate policies and an under-resourced DPO function. The largest PDPA fine in history at the time.
$750,000 fineAppointing a Data Protection Officer has been mandatory under the PDPA since 2014. Not a best practice — a legal requirement, with no exception for company size. Komplyze trains the person you appoint, hands them the full toolkit, and does the remembering behind them.
Singapore's largest healthcare data breach — 1.5 million patient records. Investigators found inadequate policies and an under-resourced DPO function. The largest PDPA fine in history at the time.
$750,000 fineUpdated its privacy policy without properly notifying users or obtaining fresh consent. A household name with a full legal team — it didn't matter. PDPC doesn't grade on size.
$10,000 fineAn employee's laptop is stolen on Friday evening, customer data on it. You have 3 calendar days to assess and notify the PDPC if it's notifiable. Who in your business knows what to do tonight? If the answer is nobody — the clock is already running.
up to $1M exposureThe most common one. Many owners simply don't know the requirement exists. Under PDPA Section 11(3), every organisation that collects personal data must designate a DPO. Yours included.
The office manager, the HR lead, the founder — someone gets the title on top of a full-time job, with no training, no playbook, no time. When something real happens, a DPO in name only protects no one.
You can outsource the whole role to a third party — but a stranger will never know your business like your own people do. There's a third path: keep the role in-house, and outsource the heavy lifting behind it.
You appoint someone inside the business — usually a director. We turn them into a DPO who can actually do the job, and we carry the workload behind them.
Tell us about your business and who you're thinking of appointing. We'll tell you honestly what you need — no commitment, no pressure.
Appointment documented, data inventory built, policy suite drafted, breach plan in place — and your appointee trained on all of it.
Your DPO handles the role with the agent doing the remembering. Quarterly reviews keep it current. When something serious happens, we're on call.
Your maximum PDPA exposure is up to $1 million. This is half a percent of that — for a trained DPO, a complete toolkit, and a team on call when it counts.
If the answer is no — or "sort of" — start with the free assessment. It checks your whole PDPA posture in minutes, and the fix comes with templates either way.