Revised Data Analytics &
Personal Data Protection Requirements
MANDATORY for all digital solutions to comply with the Data Analytics and Personal Data
Protection requirements by 30 Nov 2024 to be eligible for pre-approval under SMEs Go Digital team.
Revised Data Analytics & Personal Data Protection Requirements

Have you completed the Declaration on Data Analytics and Personal Data Protection Requirements in SMEGD Pre-Approval? (https://go.gov.sg/dapdpdeclaration)

Data Analytics (For all digital solutions)
Does your digital solution come with one or more dashboards that provide an at-a-glance overview of charts/indicators to help users analyse data?
Does your digital solution allow users to perform cross-filtering* on the dashboard(s) to analyse real-time data and generate insights to make informed decisions?
Note: Cross-filtering allows users to interact with one chart and apply that interaction as a filter to other charts on the dashboard. It can help users understand how different parts of the data are related.

Personal Data Protection (For digital solutions with personal data)
Does your digital solution collect, use, disclose, process or dispose of personal data?
Note: Solutions with personal data shall incorporate features that support the obligations under the Personal Data Protection Act (2020).

Personal Data Protection (For digital solutions with personal data)
(1) Does your digital solution have features to capture consent given by the individual after notifying the individual on the purposes for the collection, use and disclosure of personal data?
(2) Does your digital solution have features that allow for access, update or correction of an individual's personal data?
(3) Does your digital solution have features to set retention periods for the personal data and flag out records which have reached the end of their retention period?
(4) Does your digital solution incorporate encryption of personal data both for data in transit (e.g. TLS) and at rest (e.g. data stored on the servers)?
(6) Does your digital solution include backup features to perform regular and automated backup to another location separate from the operating environment, such as cloud backup?

Who Needs to Submit the Declaration
Note: Please indicate the LOA number for the existing pre-approved
solution

Data Analytics Requirement
(1) Does your digital solution come with one or more dashboards that provide an at-a-glance overview of charts/indicators to help users analyse data?

Example
An operational dashboard to help users analyse their organisation’s sales patterns for insights on:
• Top-selling and least popular products
• Popular product combinations
• Sales performance over different channels
• Seasonal/event-based sales patterns

What do you need to provide?
✓ Screenshots of all dashboards in your digital solution, with a brief description on the objective/purpose of each dashboard

Data Analytics Requirement
(2) Does your digital solution allow users to perform cross-filtering* on the dashboard(s) to analyse real-time data and generate insights to make informed decisions?
Note: Cross-filtering allows users to interact with one chart and apply that interaction as a filter to other charts on the dashboard. It can help users understand how different parts of the data are related.

Example
Users may use “store type” and “sales variance” to cross-filter the charts/indicators on this dashboard to analyse the sales performance of each store.

What do you need to provide?
✓ Screenshots of all dashboards in your digital solution with a brief description on the list of indicators that can be used to perform cross-filtering on each dashboard

Leverage IMDA’s BDDB BI Tool to Build/Refine your Digital Solution’s Dashboard(s)
BI Tool for B2B SMEs (New! Launched in Dec 2023)
https://go.gov.sg/imdab2bbitool
1) Boost Product Sales and Grow Demand through Distributors
2) Know Your Clients/Distributors
3) Minimise Costs and Price Competitively
4) Innovate and Diversify Products
5) Improve HR Planning*

Collection, Use and Protection of Personal Data
“Personal data” refers to data about an individual who can be identified from that data, or from that data and other information to which the organisation has or is likely to have access.

(1) Does your digital solution have features to capture consent given by the individual after notifying the individual on the purposes for the collection, use and disclosure of personal data?

The examples outline possible ways to implement this requirement, but they are not exhaustive.
• Users can create consent forms and customise communication preferences, privacy policy and obtain consent from the individual through the solution, or create and send an email to the individual with the consent form link

What do you need to provide?
✓ Screenshots of feature in your digital solution, with a brief description on the objective/purpose of each feature

(2) Does your digital solution have features that allow for access, update or correction of an individual's personal data?

The examples outline possible ways to implement this requirement, but they are not exhaustive.
• Users can update individual records in response to data requests received through portal/solution or manually e.g. email, through call, or in person.
• Functions e.g. portal for individuals to submit their data requests or update their personal data directly through the solution.

What do you need to provide?
✓ Screenshots of feature in your digital solution, with a brief description on the objective/purpose of each feature

Personal Data Protection Requirement
(3) Does your digital solution have features to set retention periods for the personal data and flag out records which have reached the end of their retention period?

The examples outline possible ways to implement this requirement, but they are not exhaustive.
• Users can set a default and/or configure specific retention periods for individual records, different types of records or data categories within the system and can choose to automatically/manually purge the data when the retention period expires.
• Automated notifications are sent when personal data records reach the preset retention period, or via manual search when users select the retention due date.

What do you need to provide?
✓ Screenshots of feature in your digital solution, with a brief description on the objective/purpose of each feature

Personal Data Protection Requirement
(4) Does your digital solution incorporate encryption of personal data both for data in transit (e.g. TLS) and at rest (e.g. data stored on the servers)?

The examples outline possible ways to implement this requirement, but they are not exhaustive.
• Use encryption (e.g. TLS) to encrypt data transmitted between a user's device (client) and the server.
• Personal data stored in databases are encrypted at rest.
• Encryption of all files containing personal data, whether they are stored on servers, cloud storage, or other storage systems.
• Secure data transfer protocols are used for transferring files or data between different systems.

What do you need to provide?
✓ Screenshots of feature in your digital solution, with a brief description on the objective/purpose of each feature

Personal Data Protection Requirement
(5) Does your digital solution incorporate 2-Factor Authentication (2FA)/Multi-Factor Authentication (MFA) to ensure that only authorised users can access the personal data?

The examples outline possible ways to implement this requirement, but they are not exhaustive.
• Provision of 2FA/MFA feature with at least two forms of authentication, such as combining a password with a one-time code sent to a registered device for enhanced security.
• Users can enable 2FA/MFA to secure high-risk transactions, such as large-scale data transfers.
• Use of one-time password (“OTP”) or 2FA/MFA for administrators or accounts with access to large volumes of personal data or personal data of a confidential or sensitive nature (financial or health records)

What do you need to provide?
✓ Screenshots of feature in your digital solution, with a brief description on the objective/purpose of each feature

Personal Data Protection Requirement
(6) Does your digital solution include backup features to perform regular and automated backup to another location separate from the operating environment, such as cloud backup?

The examples outline possible ways to implement this requirement, but they are not exhaustive.
• Users can configure how often backups occur and how long the backup data is retained.
• Option to store backups in offsite locations e.g. cloud storage services.
• Keep multiple versions of backed-up data to allow users to select the desired restore point.
• Allow users to schedule regular automated backups at specified intervals, such as daily, weekly, or monthly etc.

What do you need to provide?
✓ Screenshots of feature in your digital solution, with a brief description on the objective/purpose of each feature

Note: Meeting all personal data requirements does not mean that your digital solution is PDPA-compliant.
Should you have any queries, please write in to smes_go_digital@imda.gov.sg.