Mon - Fri 10:00-18:00 (GMT +8)
in Singapore
Contact Us
Contact Us

Data Protection Officer Requirement: What You Need to Know 

  • A webinar was conducted on what companies needed to know on the Data Protection Officer (DPO) Requirement, which is a mandatory requirement for Singapore-registered companies. 
  • The speakers of the event were Mr Andy Prakash and Mr Dexter Ng, Founder and Chief Technology Officer respectively of Privacy Ninja 
  • The speakers discussed the roles and responsibilities of a DPOwhy it is essential for businesses in Singapore and their experience of combatting business challenges in cybersecurity. 
  • The event was moderated by Ms Jeslin Bay, Co-Founder of BlackStorm Consulting.  

September 30, 2020With the rise of remote working and business activities being done virtually due to COVID-19, many companies may be vulnerable to cybersecurity and data protection threats. This situation may potentially be detrimental for businesses in the long run if they do not take steps to mitigate them as soon as possible. 

 It was an honour for BlackStorm Consulting to have Mr Andy Prakash and Mr Dexter Ng from Privacy Ninja, experts on cybersecurity and data protection with vast experience in the field to share their expertise on the need for a Data Protection Officer and their experience on combatting cybersecurity threats to businesses 

This article will present some highlights covered in the event. 

Roles and Responsibilities of a Data Protection Officer (DPO) 

Many may not be sure what a DPO is and why it is needed for their business. A DPO mainly has to develop and implement policies and processes for handling personal data. They also have to ensure the data protection policies and processes are maintained in the business. Under the Personal Data Protection Act (PDPA), businesses in the past have been fined by the Personal Data Protection Commission (PDPC) Singapore for not having a DPO.  

Andy highlighted many of the past cases of data breaches in Singapore and stressed the severity of the punishments given to businesses for violating the PDPA.  

Cyber Security and Data Protection Threats 

With the ever-changing world of technology, there will always be newer and more malicious threats that businesses are susceptible to. Businesses are often left vulnerable due to a multitude of reasons. Some also are not sure where to start to protect themselves from these threats.  

Andy and Dexter shared their experience of how their past clients got hacked and what caused them to be vulnerable in the first place. They shared that many businesses especially SMEs tend to be complacent, thinking that hackers would not target them due to them being small. Hackers do not exclusively target larger companies; they will hack any system that is compromised and often engage in ransomware. For example, one who withholds sensitive information in exchange for cryptocurrency. This complacency causes many SMEs to not place much importance in cybersecurity and data protection. 

Another reason business fall prey to hackers is due to using simple and weak passwords out of convenience. This often leads to systems getting easily hacked and sensitive data getting stolen within seconds. Businesses are highly encouraged in having more sophisticated passwords and have processes in place to ensure this data is only accessible by a few key individuals to prevent any breaches of data. 

Importance of a DPO 

The DPO’s role of creating and maintaining policies and processes is not only to be PDPA compliant but also potentially prevent any data breaches which may cause the business other unnecessary costs. The DPO also ensures regular risks assessments and audits are conducted in ensuring data security.  

Andy highlighted in the webinar that a DPO would not guarantee a prevention of data breach or not completely be safe from potential hacks. However, with a highly placed and professional DPO, it may prevent them from suffering a heavier fine or warning from PDPC since likely proper steps and measures already in place despite having a data breach. 

Enforcement of Data Privacy Laws 

These days, a vast amount of personal data are collected, transferred and even used by different parties for various reasons. We foresee this to continue to grow in the future. Hence, it is crucial to enforce data privacy laws. However, data privacy laws may differ from country to country. If one fails to secure their data, their data could be stolen from anywhere in the world. Hence, having a PDPA is important to many businesses as it will ensure a baseline standard of protection for personal data across the economy by complementing sector-specific legislative and regulatory frameworks.  

How Privacy Ninja can fulfil the DPO role for you 

Privacy Ninja is offering DPO-As-A-Service for businesses who wish to secure their information and data. 

The following is how Privacy Ninja helps you to be compliant with the PDPA. 

  • Bi-annual company review/ risk assessment on business processes and audit 
  • Develop data handling, retention policies and Data Protection Management Programme 
  • Review of corporate website’s data collection and PDPA terms and conditions 
  • Be part of group email to answer any data protection related queries 
  • Weekly emailer on latest PDPA breaches and regulations 
  • PDPC e-learning with assessment tracking for employees 
  • Register named individual in ACRA Bizfile 
  • Ongoing data protection support for specific business questions 

Privacy Ninja serves a better option for companies that do not want to hire or need an in-house DPO due to hefty expenses 


The event was concluded with a Q&A session where many questions were asked regarding the topic. Andy and Dexter have provided some great insights for the participants regarding these questions. Some questions that were asked by the audience are: 

  • How will a DPO help with the cyber-attacks? 
  • Why do these attacks happen? What can we do to prevent it? 
  • If I am not a Singapore-registered company but serving the Singapore market, do I need a Data Protection Officer? Will I be liable for any data breaches? 
  • What will be the most severe penalty if companies don’t hire DPO? Will there be warning first? 
  • If there is a suspected case of another company breaching the PDPA by selling data to third-party, as an individual or company, is it possible to report such suspicion? How can I proceed? 

Watch the full video to find out more! 

Privacy Ninja is also offering a 10% discount for their DPO-As-A-Service for viewers. Quote “BSC10” to enjoy the discount on their service. Valid until 31 Oct 2020. 

Introduction of BlackStorm Learn 

BlackStorm Consulting is going to launch a new learning platform targeted those who wish to learn about practical experience that was captured first-hand and dissected by experts. 

Whether you are an aspiring or seasoned entrepreneurBlackStorm Learn helps one to unlock their business potential with the array of courses available. 

 If you wish to become our first few to use the platform, please indicate your interest in this form. Individuals who indicated their interest will be get S$999 worth of materials namely:  


  1. Business Sentiments 2020 Report [E-report]
  • Business insights and advices for 2020 
  • Business landscape outlook 
  • Stages to business recovery 
  • Expectations in the rest of 2020 
  1. Proven Ways to Help Your Business Weather the Storm [E-guide]
  • Case studies 
  • Frameworks 
  • Step-by-step guide 


About Privacy Ninja 

From the founders of AntiHACK.me, Privacy Ninja (https://www.privacy.com.sg/ ) prides itself on over a decade of secured IT development services, compliance expertise and corporate training. 

We’re a team of cybersecurity and privacy-focused professionals aiming to help businesses in Singapore and beyond achieve PDPA compliance. 


About BlackStorm Consulting 

BlackStorm Consulting (http://blackstormco.asia/) is a Singapore-based boutique growth consultancy firm that specialises in corporate strategy, profit management and investment management. We scale businesses in Southeast Asia. Our clients and connections are internationally present and range from small and medium-sized businesses, MNCs, to government agencies.