Singapore legislation
Regulation 12
Regulation 12
Recipients holding specified certifications
Subregulation 1
For the purposes of regulation 10(1), a recipient of an individual’s personal data in a country or territory outside Singapore is taken to be bound by legally enforceable obligations to provide a standard of protection for the transferred personal data that is at least comparable to the protection under the Act if the recipient holds a specified certification that is granted or recognised under the law of that country or territory to which the personal data is transferred.
Subregulation 2
In this regulation, “specified certification”, in relation to a recipient of an individual’s personal data, means a certification under —
where the recipient is a data intermediary —
the Asia-Pacific Economic Cooperation Privacy Recognition for Processors System;
the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules System;
the Global Privacy Recognition for Processors System; or
the Global Cross-Border Privacy Rules System; or
in any other case — the Asia‑Pacific Economic Cooperation Cross-Border Privacy Rules System or the Global Cross-Border Privacy Rules System.