Singapore legislation
Regulation 11
Regulation 11
Legally enforceable obligations
Subregulation 1
For the purposes of regulation 10(1), legally enforceable obligations include obligations imposed on a recipient of personal data under —
any law;
any contract in accordance with paragraph (2);
any binding corporate rules in accordance with paragraph (3); or
any other legally binding instrument.
Subregulation 2
A contract mentioned in paragraph (1)(b) must —
require the recipient to provide a standard of protection for the personal data transferred to the recipient that is at least comparable to the protection under the Act; and
specify the countries and territories to which the personal data may be transferred under the contract.
Subregulation 3
The binding corporate rules mentioned in paragraph (1)(c) —
must require every recipient of the transferred personal data that is related to the transferring organisation and does not already satisfy paragraph (1)(a), (b) or (d), to provide a standard of protection for the personal data transferred to the recipient that is at least comparable to the protection under the Act;
must specify —
the recipients of the transferred personal data to which the binding corporate rules apply;
the countries and territories to which the personal data may be transferred under the binding corporate rules; and
the rights and obligations provided by the binding corporate rules; and
may only be used for recipients that are related to the transferring organisation.
Subregulation 4
For the purposes of paragraph (3)(a) and (c), a recipient of personal data is related to the transferring organisation transferring that personal data if —
the recipient, directly or indirectly, controls the transferring organisation;
the recipient is, directly or indirectly, controlled by the transferring organisation; or
the recipient and the transferring organisation are, directly or indirectly, under the control of a common person.