AT Law Practice LLP


Singapore is a very attractive location for foreign direct investment – Part One

This is part one of a two-part article which explores the reasons why Singapore is a very attractive investment destination for foreign investors looking to spread their eggs in more than one basket.

Since independence, the Singapore Government has always put efforts to attract foreign direct investment (‘FDI’) and worked in creating an environment (such as financial stability, excellent infra-structure, telecommunication facilities, banking system, pro-business legislation, administrative efficiency when dealing with regulatory and other administrative bodies, intellectual property protection regime, English speaking highly skilled workforce, strong political leadership and sound economic fundamentals) that helps them flourish. This resulted in Singapore being one of the easiest cities in the world to do business in and it is one of the countries with the most open economy. 

Its very beneficial geographical location can be leveraged to reach into big markets of Asia. Additionally, Singapore is well positioned for businesses that use Singapore as a mid-way point to repackage goods moving across the globe. 

Moreover, Singapore has developed a lot technologically in recent years and this has helped Singapore enhance its standing even further as an attractive location for foreign investors. Areas to consider in light of this advantage would be technological innovations, digital communications, fintech (financial technology), medical technology, biotechnology, healthcare, precision engineering etcetera.

Singapore has a very favourable tax system due to its low corporate tax rate and the extensive network of double taxation treaties with over 80 countries. There are numerous industry-specific tax deductions and incentives made available to businesses registered in Singapore including for the maritime sector, financial and banking sector, research and development. 

Some of the general tax incentives and measures which are highly attractive to foreigners include one of the lowest corporate tax rates in the world plus tax exemptions for specified quantum of chargeable income, higher tax exemptions for newly incorporated companies, no capital gains tax, no withholding tax on post-tax dividends paid from Singapore, shareholders are not taxed on dividend income from a Singapore tax resident company, a company’s foreign source income is not taxable in Singapore until such income is received or deemed received in Singapore and companies in Singapore can also benefit from tax exemption on foreign-sourced dividends, foreign branch profits and foreign-sourced service income if certain conditions are met.

Singapore also grants tax breaks to companies in the trading sector to help them go regional and international. 

Please continue to read the rest of this article by clicking here to access Part Two of this article.

If you are keen to find out more about the framework in Singapore for setting up a representative office of your existing business, setting up a new business or investing in one or more businesses in Singapore, please contact our experienced senior lawyers at AT Law Practice LLP for a short complimentary call or meeting – click here

 Copyright © 2021 ATLaw Practice LLP. All Rights Reserved.

Fined for Breaches of PDPA Obligations – Bud… Bud… Bud… I Did Not Know!

The “I did not know I needed one” defence was used by the management of Bud Cosmetics in Re Bud Cosmetics Pte Ltd (2019) SGPDPC 1 when investigated about its data protection policies. This “defence” was of course, swiftly rejected by the Personal Data Protection Commission (PDPC) as the Commission stated that ignorance of the law is no excuse.


If you own a business, make sure you are not only fully aware of the Personal Data Protection Act (PDPA) passed in 2012 which contains compliance requirements for protecting personal data in Singapore, but you are also taking steps to actually comply with these requirements (we have posted another related article on recent amendments to the PDPA in 2020 – you may check out that article here). The Bud Cosmetics case is a good example of what happens if you do not do so.

Bud Cosmetics operated a membership program which is typical for businesses to generate customer loyalty. Bud Cosmetics, again typically, sent out email blasts and newsletters to members who signed up after providing their personal details.

Subsequent to receiving  a complaint from an affected individual about an exposed data list on the internet containing personal data of members (including the complainant’s) of Bud Cosmetics membership program, the PDPC  investigated and concluded that Bud Cosmetics were in breach of several of their obligations under the PDPA. 

Fined for Breaches of PDPA Obligations

Bud Cosmetics had an obligation under the law to comply with the PDPA and its regulations and they had failed to do so.

PDPC’s investigation resulted in Bud Cosmetics getting fined for breaching three sections of the PDPA, namely sections 12a, 24 and 26. 

Section 12a requires an organisation to develop and implement policies and practices that are necessary for it to meet its data protection obligations under the PDPA and to communicate to its staff information about such policies and practices.

Section 24 requires an organisation to protect personal data in its possession or under its control by taking reasonable security measures to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. 

Under section 26 of the PDPA, unless otherwise exempted,  an organisation shall not transfer any personal data to a country or territory outside Singapore unless it ensures that each such receiving organisation provides a standard of protection to personal data that is comparable to the protection under the PDPA. 

Insufficient Policies and Practices to Protect Personal Data
Although Bud Cosmetics had a privacy policy on their website, they only published their privacy policy because they saw many other companies do so. Their explanation was  “I did not know about the legal obligations”.  They assumed (wrongly) that the PDPA only contained provisions about the Do Not Call Registry- preventing them from sending marketing messages to registered Singapore numbers.

Furthermore, although Bud Cosmetic’s privacy policy notified customers as to how they would use and process the data subjects’ personal data,  it did not mention  how the company’s employees were going to handle their customers’ personal data.

Employees who are not informed of any requirement to protect personal data certainly cannot be expected to do so. Employees need proper data protection training, which Bud Cosmetics had not provided.

Absence of Adequate Security Measures to Protect Personal Data 

Furthermore, Bud Cosmetics failed to consider whether the security of its website and technological systems was adequate and did not put in place any security measures to protect personal data in its possession. They said this was because they were unaware of the PDPA obligations at the time of the incident and therefore did not have such measures in place.

Remember even if  you just own a small business, you still have to ensure the security of your systems and the protection of personal data in your possession or under your control.

Obligations when you Transfer Personal Data Overseas
Originally Bud Cosmetics engaged an Australian based service provider to host their membership program data list  and subsequently they engaged a US based service provider to host the said data. Thus they transferred personal data outside Singapore without considering, as they should have, if the laws in the country where their service provider is based provided a standard of protection to personal data that is comparable to the protection under the PDPA.

If your business is transferring data to overseas hosting servers, please take note if the laws in the receiving country are comparable or better than that of the PDPA. If they are not, please include contractual obligations for the hosting servers to provide protection comparable to the PDPA. You might be pleased to note that with recent amendments to the Act, companies can now look for overseas hosting servers/organisations with “specified certification”. Overseas receiving organisations which have either of the two specified certifications, namely the Asia Pacific Economic Cooperation Cross Border Privacy Rules (APEC CBPR) System and the APEC Privacy Recognition for Processors (APEC PRP) System,automatically satisfy the PDPA’s section 26 obligation. 

If you own a business, please learn from the lessons the Bud Cosmetic case provides. It is better to be safe than sorry when it comes to protecting important personal data of your customers. If you need support with this, please approach our helpful team at AT Law Practice LLP – click here.


Copyright © 2020 ATLaw Practice LLP. All Rights Reserved.

error: Content is protected !!