Singapore legislation

Regulation 12

of Personal Data Protection Regulations 2021

Regulation 12

Recipients holding specified certifications

Amended byS 86/2026 wef 02/03/2026S 86/2026 wef 02/03/2026

Subregulation 1

For the purposes of regulation 10(1), a recipient of an individual’s personal data in a country or territory outside Singapore is taken to be bound by legally enforceable obligations to provide a standard of protection for the transferred personal data that is at least comparable to the protection under the Act if the recipient holds a specified certification that is granted or recognised under the law of that country or territory to which the personal data is transferred.

Subregulation 2

Amended byS 86/2026 wef 02/03/2026S 86/2026 wef 02/03/2026

In this regulation, “specified certification”, in relation to a recipient of an individual’s personal data, means a certification under —

(a)

where the recipient is a data intermediary —

(i)

the Asia-Pacific Economic Cooperation Privacy Recognition for Processors System;

(ii)

the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules System;

(iii)

the Global Privacy Recognition for Processors System; or

(iv)

the Global Cross-Border Privacy Rules System; or

(b)

in any other case — the Asia‑Pacific Economic Cooperation Cross-Border Privacy Rules System or the Global Cross-Border Privacy Rules System.

Regulation 12 — Personal Data Protection Regulations 2021