Batik Legal office

Our Practice

A Practice Built Around Data Privacy

Batik Legal was established to give Singapore organisations dedicated, thoughtful support on data protection matters — without the overhead of a full-service firm or the uncertainty of a generalist approach.

← Back to Home

Our Story

Why We Started Batik Legal

When Singapore's Personal Data Protection Act was significantly strengthened in 2020, many organisations — particularly small and medium enterprises — found themselves uncertain about what compliance actually required of them in practice. The regulatory language was precise, but translating it into day-to-day data handling decisions was another matter.

Batik Legal was founded to close that gap. Our practice focuses exclusively on data privacy matters under Singapore law, which means our team develops deep, current familiarity with PDPC guidance, enforcement decisions, and the practical steps that organisations need to take. We work directly with clients — not through layers of associates — so the advice you receive reflects considered, experienced thinking.

The name Batik reflects the layered, interwoven nature of data protection: personal data flows through an organisation in complex patterns, and compliance requires understanding those layers thoughtfully, not just checking boxes. We bring the same attention to pattern and detail to every engagement.

Our clients range from technology businesses and healthcare service providers to financial institutions and professional services firms. What they share is a need for clear, workable guidance — and that is what we aim to provide.

Our Mission

To help Singapore organisations build data handling practices that are legally sound, operationally sensible, and genuinely protective of the people whose data they hold.

What We Stand For

Clarity over complexity

Legal advice should help you make decisions, not add to the uncertainty.

Proportionate guidance

We calibrate recommendations to your organisation's actual context, not theoretical ideals.

Responsiveness

Data protection issues can be time-sensitive. We structure our service to reflect that.

Long-term perspective

Compliance is an ongoing practice, not a one-time project. We support clients over time.

Our Team

The People Behind the Practice

Each member of our team concentrates on Singapore data protection law, bringing specialist knowledge to every client engagement.

NL

Nicole Lim

Founding Partner, Data Privacy

Over a decade of legal practice in Singapore, with the past six years focused on data protection advisory. Advises clients across technology, healthcare, and financial services sectors on PDPA compliance frameworks and regulatory engagement.

RK

Rajesh Kumar

Senior Associate, Compliance

Specialist in PDPA gap assessments and data protection policy drafting. Has conducted compliance reviews for retail, logistics, and professional services clients. Experienced in managing DPO retainer arrangements for SMEs.

SW

Sarah Wong

Associate, Incident Response

Focuses on data breach response engagements and regulatory notification procedures. Brings structured, calm handling to time-sensitive incident situations, with experience in preparing PDPC notification documentation across multiple sectors.

Our Standards

How We Maintain Practice Quality

The standards we hold ourselves to across every client engagement, from initial assessment through to ongoing advisory work.

Current Regulatory Knowledge

Our team monitors PDPC advisory guidelines, enforcement decisions, and industry-specific guidance as they are published, keeping our advice grounded in current regulatory expectations.

Client Confidentiality

All client information is handled with strict professional confidentiality. We maintain clear data handling practices within our own firm — consistent with what we advise our clients to do.

Written Engagement Terms

Every engagement begins with clear written terms covering scope, fees, and expected deliverables. Clients know what they are receiving before work begins.

Ongoing Review Process

Our internal work product goes through peer review before delivery. Reports and guidance notes are checked for accuracy, completeness, and practical applicability.

Professional Ethics

Our team are qualified legal practitioners bound by the professional conduct rules of the Singapore Legal Service. Ethical standards are not optional considerations — they are the foundation of every engagement.

Clear Communication

Legal advice is only useful if the recipient understands it. We write and communicate in straightforward language, and welcome questions throughout any engagement.

Practice Context

Data Protection in Singapore's Regulatory Landscape

Singapore's Personal Data Protection Act sits at the intersection of commercial operations and individual rights. For organisations operating in the city-state — whether locally incorporated or with regional headquarters in Singapore — the PDPA creates specific, enforceable obligations around how personal data is collected, used, stored, and shared.

The Personal Data Protection Commission actively monitors compliance and has issued a substantial body of published decisions that shape how organisations should interpret their obligations. Understanding these decisions, alongside the formal legislation and advisory guidelines, is central to sound compliance practice. Batik Legal tracks this body of material closely and draws on it directly in client work.

Data protection advisory in Singapore also intersects with sector-specific regulations — notably the Monetary Authority of Singapore's technology risk management guidelines for financial institutions, the Ministry of Health's healthcare data governance frameworks, and the Cyber Security Agency's guidance on incident management. Batik Legal brings familiarity with these intersections to client engagements where they are relevant.

For organisations that handle personal data across jurisdictions — including cross-border data transfers from Singapore to overseas recipients — the adequacy of overseas protection standards is an important compliance consideration. Our DPO advisory service covers the contractual and procedural mechanisms available for such transfers under the PDPA's third schedule provisions.

Would You Like to Work with Our Team?

We are glad to discuss your organisation's data protection situation and explain how we might be able to assist.

Contact Batik Legal