SingaporeWhat is the maximum fine for PDPA violations?
The maximum fine for a PDPA violation in Singapore is S$1 million.
What the Law Says
The Personal Data Protection Act 2012 (PDPA) sets out penalties for non-compliance with its data protection obligations. Section 29 specifically authorises the Personal Data Protection Commission (PDPC) to impose financial penalties.
Section 29 gives the PDPC the power to issue a direction requiring an organisation to pay a financial penalty if it has failed to comply with certain data protection obligations under the PDPA.
The amount of the penalty must be 'reasonable and proportionate' to the nature and seriousness of the breach, but cannot exceed S$1 million.
This cap applies per instance of non-compliance — meaning multiple breaches may result in cumulative penalties, each capped at S$1 million.
Statutory TextThe Commission may, by written notice, direct an organisation to pay to the Government a financial penalty not exceeding S$1 million.
— Personal Data Protection Act 2012, s. 29 — Power to impose financial penalty
What to Do
Review your organisation’s data protection policies and practices against PDPA obligations.
Conduct regular staff training on data handling and consent requirements.
Appoint a Data Protection Officer (DPO) if required.
Respond promptly and cooperatively to any PDPC inquiry or investigation.
Implement technical and organisational measures to safeguard personal data.
Sources
Same Question, Other Jurisdictions
Germany
European Union
UK
South Korea
India
JapanNot legal advice. This article is general information based on publicly available sources, written for educational purposes. Laws change and individual situations vary. Consult a licensed attorney in your jurisdiction before acting on anything you read here. Last reviewed: 2026-06-08.