This white paper describes recent amendments recently passed by the Singapore Ministry of Communications and Information (MCI) and the Personal Data Protection Commission of Singapore (PDPC) to the Personal Data Protection Act (PDPA 2012) and Spam Control Act (SCA). It also explores how a mature data governance capability can help organizations meet three key obligations of the PDPA in a sustainable way. This includes: