As digital transformation accelerates, organisations must manage personal data with precision and accountability. With over 30 years of legal leadership across Asia Pacific in technology, telecommunications, digital infrastructure, healthcare, and manufacturing, our Personal Data Protection Practice delivers practical, business-aligned solutions that enable both compliance and innovation.

We provide end-to-end data protection advisory—from governance and system-architecture reviews to incident readiness, contractual risk management, and operational implementation. Our internationally certified and regionally experienced team supports clients across Singapore, Indonesia, Malaysia, Thailand, the Philippines, India, and beyond.

Our Approach 

Effective data protection requires more than legal interpretation. It demands technical insight, operational discipline, and industry-specific experience. Our model combines:

• Legal expertise grounded in the PDPA and global standards
• Operational and technical input through specialised privacy experts supporting system and workflow assessments
• Sector-specific experience in telecoms, technology, healthcare, manufacturing, and other high-risk environments

This integrated approach ensures solutions that are practical, implementable, and aligned with real-world workflows.

Core Capabilities

1. System Architecture & Data Flow Review

We assess digital and biometric systems to identify compliance and governance risks, including:

• Architecture, data flow and synchronisation
• Biometric template creation, storage and deletion
• Anonymisation, pseudonymisation and re-identification risks
• Purpose segregation across security, attendance and analytics
• Cross-border data movement
• Clear, actionable reporting

Our experience with AT&T, Lucent, GE, Dyson and Nokia equips us to understand complex digital ecosystems.

2. PDPA Compliance & Regulatory Advisory

Comprehensive advisory across all PDPA obligations:

• Purpose limitation, notification, consent and accountability
• Requirements for employees, contractors, visitors and clients
• Withdrawal-of-consent and non-biometric alternatives
• Data subject rights and operational enablement
• Cross-border transfer assessments
• Secondary-use, analytics and commercialisation risks
• Guidance for emerging digital business models3. Documentation & Governance Frameworks

We create documentation that embeds compliance into daily operations:

• DPIAs for biometric and high-risk systems
• SOPs for access, retention, deletion, escalation and logging
• Employee and visitor notices
• Corporate privacy policies and web disclosures
• Access, correction, deletion and consent-withdrawal workflows
• Biometric-specific breach response protocols

4. Contract Review & Vendor Management

We ensure vendor arrangements reflect strong privacy and security safeguards:

• Supplier and technology contract reviews
• Privacy-by-design requirements and biometric controls
• Raw data retention, encryption, logging and deletion
• Audit rights, breach-handling obligations and cross-border terms
• Drafting amendments and DPAs

5. Digital Products & Data Commercialisation

Support for responsible innovation and new service models:

• Regulatory structuring for analytics and biometric-based offerings
• Lawful-basis and onward-disclosure assessments
• Re-identification, fairness and compatibility analysis
• Customer disclosures and governance structures

6. Training & Organisational Readiness

Targeted training to embed compliance across teams:

• PDPA and biometric-processing training
• Role-specific sessions for IT, operators and front-line staff
• Sector-specific programmes for telecoms, technology, manufacturing and healthcare
• Executive and board briefings

7. Negotiation & Implementation Support

Practical support throughout deployment:

• Negotiating privacy safeguards with vendors
• Evaluating technical controls and counterparty positions
• Supporting pilot testing and rollout
• Ensuring regulatory, contractual and operational alignment

Why Clients Would Choose Us

• Certified practitioners with decades of APAC privacy leadership
• Deep, jurisdiction-specific understanding of ASEAN and global data protection laws
• Industry expertise in telecoms, technology, digital platforms, healthcare, manufacturing, and biometrics
• Ability to translate complex technical architecture into regulatory requirements
• Demonstrated capability in data governance, breach management, and vendor oversight
• Proven experience advising global multinationals on cross-border data ecosystems
• Seamless integration of legal, operational, and technical perspectives

We help organisations build data protection programmes that are compliant, resilient, and aligned with the realities of modern digital operations.