PDPA Assessment Tool for Organisations (PATO)
Enter the code
How do you rate the User Experience of our site?
Select “All” categories if all the obligations are relevant to your organisation.
If not, you may select those which are relevant to your organisation. Most organisations should select at least 9 of the categories above
Select the “Accountability Only” if your organisation does not collect personal data. Personal data includes names of individuals, contact numbers, addresses of stakeholders such as employees, customers, contractors, donors, volunteers etc.
Select “Data Protection Provision” categories if all the obligations are relevant to your organisation, except for the Do Not Call Provisions.
Select the “Do Not Call Provisions” category if only the Do Not Call provisions are relevant to your organisation.
This implies that a particular requirement or initiative has been successfully implemented in your organisation. The term 'success' qualifies that there are policies to support, and processes to implement, and people to carry out personal data protection measures or duties in accordance to the requirement. The particular PDPA requirement that is being assessed has been internalised into your operations and is a way of doing things in your organisation.
This implies that a particular requirement or initiative has been partially implemented in your organisation. The term "partial" could mean a number of things.
Here are some examples:
Please note that the PDPA Assessment Tool for Organisations (PATO) is not to be taken as an accreditation, endorsement or certification by the Personal Data Protection Commission (PDPC) of your organisation’s compliance with the PDPA, or any other laws or regulations that may apply. You may wish to seek professional advice on whether your organisation’s processes, practices and policies comply with the PDPA, or other laws or regulations.
This tool is not intended to be an authoritative statement of the law or a substitute for legal or other professional advice. The Personal Data Protection Commission (PDPC), the Info-communications Media Development Authority of Singapore (IMDA) and their members, officers, employees and delegates shall not be responsible for any inaccuracy, error or omission in this tool or be liable for any damage or loss of any kind as a result of any use of or reliance on this tool.