A practical checklist for AI projects against the PDPA obligations — consent, notification, protection, retention and cross-border transfer.
dgm is an independent osFoundry integration partner — not affiliated with osFoundry’s maker (OS LLC), and dgm has no completed client integrations yet.
A practical checklist against the PDPA obligations keeps AI projects out of trouble. Run through these before you build.
| Item | Detail |
|---|---|
| Map the data | What personal data does the AI touch, and whose? |
| Consent & notice | Is there consent or a valid exception, with notification? |
| Cross-border | Will data go overseas? (Transfer Limitation Obligation) |
| Security | Is the data secured and access-logged? |
| Breach plan | Is a 3-day breach-notification process ready? |
Before you build
Map what personal data the AI will touch and whose it is; confirm you have consent or a valid exception (the PDPC notes the Business Improvement and Research exceptions for some AI training) and have given meaningful notification, especially where AI makes recommendations or decisions; and decide whether data will be transferred overseas, engaging the Transfer Limitation Obligation.
Security and breach readiness
Apply reasonable security and access controls with audit logging, and ensure you have a breach-notification process ready to meet the 3-day deadline. Anonymise personal data where possible — the PDPC’s AI advisory guidelines encourage it.
Residency and governance
Decide where data is processed and how it is secured. osFoundry’s managed cloud pins data to the US, EU or Japan — it does not currently offer a Singapore managed region (its nearest managed region is Japan). For data that must stay in Singapore, the honest path is self-hosting osFoundry (BYO Cloud) inside a Singapore cloud region such as AWS Asia Pacific (Singapore) ap-southeast-1, Microsoft Azure Southeast Asia (Singapore) or Google Cloud asia-southeast1 (Singapore), or running models locally on-device. For sensitive data, a self-hosted or Singapore-region setup simplifies the privacy story. Adopting the Model AI Governance Framework rounds out the governance.
Where dgm fits
dgm is an independent integration partner that helps Singapore businesses adopt osFoundry — scoping a first use case, handling the build, and connecting AI to the systems you already run. dgm is independent of osFoundry’s maker (OS LLC) and has no completed client integrations yet, so everything described here is a service offered, not a past result. If you want to scope a practical first project, dgm can help you map it out.