Our Services
Three Focused Services. One Clear Purpose.
Each of our services addresses a distinct stage of an organisation's data protection journey — from understanding your current position, to ongoing operational support, to handling a specific incident.
← Back to HomeOur Methodology
How We Approach Each Engagement
Whether we are conducting an assessment, providing ongoing DPO support, or responding to a breach, our process follows the same foundational principles.
Understand Context
We begin by understanding your organisation's operations, data flows, and specific circumstances before providing any recommendation.
Assess Against PDPA
We evaluate your practices against PDPA requirements, PDPC guidance, and published enforcement trends relevant to your sector.
Deliver Clear Guidance
We provide written output in plain language — actionable steps, not dense legal prose that leaves you uncertain how to proceed.
Support Ongoing
We remain available for follow-up questions and, for retainer clients, provide structured ongoing support as your situation evolves.
Service 01
PDPA Compliance Assessment
A structured review of your organisation's data protection practices against the requirements of the Personal Data Protection Act. This engagement covers the full spectrum of your data handling activities — from how personal data enters your organisation to how it is stored, shared, and eventually disposed of.
The deliverable is a detailed gap analysis report with findings organised by PDPA obligation and prioritised by compliance significance. Suitable for organisations conducting their first formal review, those preparing for an internal audit, or those responding to regulatory inquiries.
What Is Covered
- • Personal data flow mapping
- • Consent mechanism review
- • Data protection notice assessment
- • Vendor and third-party arrangements
- • Breach response preparedness
- • Internal policy evaluation
Engagement Details
- • Typical duration: 2–3 weeks
- • Structured intake questionnaire
- • Follow-up interviews as needed
- • Written gap analysis report
- • Debrief call with practitioner
- • Starting from SGD 580
Service 02
Data Protection Officer Support
Ongoing advisory support for organisations that need external Data Protection Officer assistance or supplementary guidance for their in-house DPO. Structured as a retainer arrangement with agreed response times, making it a practical option for small and medium enterprises that may not need or cannot support a full-time dedicated DPO.
The retainer covers day-to-day queries on data handling practices, review of Data Protection Impact Assessments, guidance on cross-border data transfer mechanisms, and assistance with responding to access and correction requests from individuals.
Day-to-day data handling queries
Prompt responses to practical compliance questions from your team
DPIA review and guidance
Assessment of data protection impact assessments for new projects or systems
Cross-border transfer mechanisms
Guidance on PDPA third schedule requirements for overseas data transfers
Access and correction request handling
Assistance responding to individual rights requests under the PDPA
Service 03
Data Breach Response & Notification
Rapid-response advisory for organisations that have experienced or suspect a data breach. Given the PDPA's mandatory notification obligations — three calendar days to notify the PDPC for notifiable breaches — early engagement with specialist advisers is important in managing the incident appropriately.
We assist with initial assessment of the incident's scope and severity, determination of whether mandatory notification to the PDPC and affected individuals is required, preparation of notification documents, and guidance on immediate remediation steps. We also assist with post-incident reviews to identify root causes and strengthen safeguards.
Response Process
Initial scope and severity assessment of the incident
Determination of PDPC and individual notification obligations
Preparation of required notification documents
Guidance on immediate containment and remediation steps
Post-incident review and safeguard strengthening
Service Comparison
Which Service Is Right for You?
A quick reference to help you understand which service best fits your organisation's current needs.
| Your Situation | Assessment | DPO Support | Breach Response |
|---|---|---|---|
| Never had a formal compliance review | — | — | |
| Preparing for a PDPC inquiry or audit | — | ||
| Need ongoing data protection guidance | — | — | |
| No dedicated internal DPO resource | — | — | |
| Experienced or suspected data breach | — | — | |
| Planning new data-intensive systems or processes | — |
Not sure which applies to you? Contact us and we will help you determine the most appropriate starting point.
Across All Services
Our Professional Standards
Strict Confidentiality
All client information is handled with professional confidentiality obligations.
Written Engagement Terms
Scope and fees agreed in writing before any work commences.
Qualified Practitioners
All advice delivered by qualified legal practitioners with professional obligations.
Peer-Reviewed Output
Reports and advice notes reviewed internally before delivery to clients.
Conflict-Free Advice
We act in your organisation's interest throughout each engagement.
Not Sure Where to Start?
Reach out and describe your situation briefly. We can help you understand which service is appropriate and what the engagement would involve.