A Practice Built Around Data Protection
Cempaka Partners was established to help Singapore organisations develop sound, workable data protection practices grounded in the requirements of the PDPA and the expectations of the PDPC.
Return to HomeWhere Cempaka Partners Began
Cempaka Partners was founded with a clear focus: to provide Singapore organisations with data protection advisory services that are thorough, clearly communicated, and aligned with current regulatory expectations.
The Personal Data Protection Act has matured considerably since its introduction in 2012. Amendments in 2020 introduced mandatory breach notification, expanded enforcement powers, and clearer obligations around consent. The PDPC has continued to publish advisory guidelines, issue enforcement decisions, and refine its expectations across industries.
Many organisations — particularly small and mid-sized businesses — find it difficult to keep pace with these developments while also managing day-to-day operations. Cempaka Partners fills that gap by providing structured advisory services that translate regulatory requirements into practical, implementable steps.
Our work spans initial compliance assessments, the development of data protection documentation, and advisory support for organisations navigating data breach incidents. Each engagement is approached with care and with genuine attention to the organisation's specific circumstances.
Our Mission
To help Singapore organisations build well-founded data protection practices that reflect both regulatory requirements and operational realities — without unnecessary complexity or generic documentation.
Our Approach
Every engagement is structured around the organisation's specific data processing activities. We map what is actually happening before making recommendations, and we document our findings and guidance clearly.
Our Values
Precision in analysis, clarity in communication, and discretion in all client interactions. We operate to the professional standards expected of a data protection advisory practice.
Who You Work With
Our advisers bring focused experience in data protection regulation and practical compliance advisory across a range of industries in Singapore.
Lin Ting Huang
Principal Adviser
Lin Ting leads client engagements across PDPA compliance assessments and policy development. She has advised organisations in finance, healthcare administration, and professional services on data protection matters, and has followed PDPC regulatory developments closely since the PDPA's introduction.
Rajan Krishnamurthy
Data Protection Consultant
Rajan focuses on data mapping, breach response advisory, and technical aspects of compliance implementation. He works closely with clients on identifying data flows across systems and preparing organisations for notification obligations under the mandatory breach notification framework.
Yeo Wei Chen
Policy Development Lead
Wei Chen manages the drafting and review of data protection documentation, including privacy notices, data retention schedules, and staff-facing procedures. She ensures that documents reflect both the organisation's actual operations and current PDPC advisory guidance.
How We Work
Our practice is organised around clear standards for engagement quality, documentation, and client confidentiality. These reflect what a responsible data protection advisory should look like in practice.
Client Confidentiality
All client information — including documents, data maps, and incident details — is handled under strict confidentiality obligations. Client data is never disclosed to third parties without consent.
Evidence-Based Assessments
Our assessments are based on actual documentation review and structured interviews, not checklists completed in isolation. Findings are supported by specific references to PDPA requirements or PDPC guidance.
Current Regulatory Alignment
We maintain regular review of PDPC decisions, advisory guidelines, and consultation papers to ensure that our advice and documentation reflect current regulatory expectations.
Clear Deliverables
Each engagement produces written output — whether an assessment report, drafted policies, or breach response documentation — with clear structure and practical recommendations that staff can use.
Privacy by Design Orientation
Where relevant, we recommend approaches that embed data protection considerations into operational processes — not just as a compliance exercise, but as a sustainable practice.
Accessible Communication
Regulatory obligations are explained plainly. We aim for our clients to understand why each requirement exists, not just what it requires, so that compliance decisions are made with genuine understanding.
Data Protection Advisory in Singapore
Singapore's data protection framework centres on the Personal Data Protection Act, administered by the Personal Data Protection Commission. Since the 2020 amendments came into force, organisations have had to navigate expanded obligations including mandatory breach notification within three calendar days of assessment, increased financial penalties, and more detailed requirements around consent and deemed consent.
Cempaka Partners works with organisations across sectors — technology, financial services, healthcare administration, retail, education, and professional services — to help them develop data protection practices that hold up to scrutiny. Our advisers have followed PDPC enforcement decisions and advisory publications closely, and this forms the basis of the specific, current guidance we provide.
A well-structured compliance programme typically involves three elements: understanding what personal data your organisation holds and how it flows through your systems; maintaining documentation that demonstrates that data protection obligations are being met; and having clear procedures in place for situations that require prompt response, such as a data breach or an individual's access request.
Cempaka Partners supports organisations at each of these stages, whether through an initial assessment that establishes a clear picture of the current position, the development of policies and procedures that align with PDPA requirements, or advisory support during a breach incident. Each engagement is conducted with care, discretion, and attention to your organisation's specific context.
We Welcome Your Enquiry
If you'd like to discuss your organisation's data protection position or learn more about how our services are structured, please reach out. We're glad to answer questions without any prior commitment.
Get in Touch