• 91997200
  • enquiry@oasiswebasia.com


How to pass on your Data Protection Risk to your Web or Mobile App Development Vendor?
15 Mar

How to pass on your Data Protection Risk to your Web or Mobile App Development Vendor?

Posted by

If you have a front-facing website or a mobile app that collects users' information, your company will be in trouble with the law if there is a data leak.  Find out what you can do to ensure that this won't happen to you ever again.

Data Breach Incident

Imagine that you are receiving a call from your trusted employee who is very worried and anxious. He tried to inform you that your mobile app platform has been hacked and there was a huge data leak. You immediately ring your mobile app development vendor that is overseas in India. He mentioned to you that he is sorry and there is nothing much he can do. PDPC officers started to investigate you and you ended up with a 100k fine. You tried to sue your outsourced agency to recover the cost but you are unable to do so as they are not a Singaporean company. Is this worth it?

Let Team Oasis share with you a few steps to ensure that you are safe from this situation.


Hire a Singapore Registered Web Development or Mobile App Development Agency

If you have a contract with a local Singapore Web Development or Mobile Application Development vendor, they will be liable for at least half the damage as they are your official data intermediary.

This will not be applicable if the vendor is registered in another country. You have to ensure by interviewing the vendor on how they are going to protect your data and the security measures that are in place for your web or mobile application platform. Do follow the Data Privacy by Design guideline as supported by PDPC. It is a red flag when your vendor doesn't talk about data privacy and only focuses on the sales aspect during the discussion phase.

One way is to ask to see the certification of data protection issued by PDPC from your vendor. If he is unable to produce one, do reconsider them to develop for your project. It is not worth the risk.


Get your 3rd Party Vendor to sign a Data Protection Agreement

Once you have confirmed that your vendor is able to protect your application. Get the vendor to sign a legal agreement to transfer the risk and indemnify you from any data breach.

This is for the vendor to make sure that he will fulfill all the necessary data protection requirements and protect your user's information. You can download a copy of the agreement here. This will further reduce the risk on your end. If you already have an eCommerce website or a mobile app, approach your existing vendor and get it signed immediately.


Team Oasis recommends to hire a local web development agency and perform due dilligence to ensure that the vendor have a local data protection specialist with the know how capabilties to make sure that the chances of a data breach is low. Do note that most web development companies stationed offshored are not certified in PDPA at this moment currently.

Looking for a Proven Web Development Strategy?


Oasis Web Asia is a Singapore-based web design and web development company.

We provide website design, website development, e-commerce solution, content management system (CMS) solution and hosting services for all businesses.