How PDPC can enforce mandatory DPO appointment with little effort

PDPC has been having problem enforcing the appointment of DPO by the organisations.

The appointment of Data Protection Officer(s) is a mandatory requirement in PDPA 2012. In addition, the organization “shall make available to the public the business contact information” of the DPO.

Unfortunately, a lot of organisations not only have not appointed a DPO, but also did not have a privacy statement on their websites. 

Recently, I was on ARCA bizfile+ to search for some information. I was pleasantly surprised to find that ACRA added a data item called ‘Data Protection Officer(s)’ (see picture). If you click on the link, the record is empty. The data items to be displayed are: DPO name, DPO Contact No., and DPO email address.

I believe it is a new feature because I logged-in to my company profile and tried to update the DPO record but could not find a place to do so.

This is an interesting development. Since appointing a DPO is mandatory, it makes sense that company record should have the DPO information listed. I am betting that ACRA may be enforcing this. It will solve the two problems that PDPC has not been able to solve so far: (1) that most companies have not bothered to appoint a DPO and (2) the DPO information is not make available to the public.

How to ensure that the DPOs are knowledgeable and competent?

This, I think, is not for ACRA but PDPC to worry about.


Check out your own company’s record here: acra_bizfile

Also read my related blog on the role of a Data Protection Officer (DPO): Role of a DPO


ACRA DPO record