Chapter 4

Privacy — Data Protection

Personal Info


Data, whether true or not, about an individual who can be identified: (a) from that data or (b) from that data and information to which the organization has or is likely to have access.

—S.2 Personal Data Protection Act

Whether you conduct business online or offline, you have access to personal information about your customers. Privacy is important to them, but it’s becoming harder to protect in an increasingly digital marketplace.

The Personal Data Protection Act provides rules for how you can collect, use and disclose this information, and comes into effect in July 2014. Ensuring that the data you collect is in line with these rules takes time and research, so be sure you’re compliant before the law comes into force.

The Personal Data Protection Commission (PDPC) is the authority responsible for monitoring and enforcing data protection in Singapore. Privacy laws seek to create a balance between your need to collect personal information and an individual’s right to maintain their personal privacy.

As an online shop owner, you collect information about your customers to provide them with your products or services. The data you collect is considered personal information, which means it needs to be collected and treated carefully.

Concepts the PDPA takes into account


You can only collect information with the individual's knowledge and consent.



You can only use and disclose the information you collect if the customer has been informed of the purpose of the use.



You can only use and disclose information for purposes that would be considered appropriate by a reasonable person.

The best way to protect yourself, gain consent and inform your clients is to implement a well-designed privacy policy. The link to this document should be visible and accessible on your online store.

Any promises you make in this policy create a contract to which both you and your customer are bound. You need to be conscious of your privacy policy to make sure you comply with the promises you make. Some of the information that needs to be provided is actually controlled by the ecommerce platform you choose (such as storage or security). When deciding on a platform, pay attention to how they integrate their privacy policy, and see what sort of guidance they provide for preparing the clauses for your own policy. Make sure their privacy strategies are in line with the requirements in Singapore.

At Shopify we're certified Level 1 PCI DSS compliant, which means your shop can accept a range of credit cards and you can rest easy knowing your customer data is secure.

The PDPC is an excellent resource for helping you to remain in compliance with privacy laws. Be sure to stay informed and use the resources provided to you by the PDPC to ensure that the information you receive is secure and used appropriately.

Respecting your consumers’ personal information can help build a strong and competitive foundation for your customer relations.

Privacy Policy Generator

Coming up with your first privacy policy can be challenging, so we've created a handy tool that generates your own custom privacy policy with the click of a button.

