Client satisfaction
Client Feedback

What Organisations Say About Our Work

Feedback from Singapore organisations that have worked with Cempaka Partners across PDPA compliance assessments, policy development, and breach response advisory.

180+ Organisations Advised

97% Client Satisfaction Rate

6+ Years in Practice

4.9 Average Client Rating

From Our Clients

A selection of feedback from organisations we have worked with in Singapore across a range of industries.

"We engaged Cempaka Partners for our initial PDPA compliance assessment. The report was thorough and specific — it didn't just list requirements but explained which of our current practices were at issue and why. The prioritised action list made it straightforward to assign tasks across our team."

Wong Li Shan

Operations Manager · Retail, Singapore

February 2026

"The policy drafting service was excellent. Wei Chen worked through our actual data flows with us before putting anything on paper. The privacy notice and breach management plan they produced are genuinely usable documents — not standard templates with our name inserted. The staff walkthrough session was also helpful in making the content accessible to our team."

Rajendran Nair

Head of Compliance · Financial Services, Singapore

January 2026

"When we identified a potential breach, we were not sure where to start. The team at Cempaka Partners helped us assess the scope quickly and clearly. They explained the mandatory notification threshold requirements in a way that helped us understand exactly what we were dealing with. The PDPC notification document they prepared was well-structured. We would have been significantly more stressed without their support."

Chua Yong Kiat

IT Director · Healthcare Admin, Singapore

March 2026

"As a small business, we were uncertain whether a formal compliance assessment was worthwhile given our scale. The assessment was well-scoped for our size and identified several areas we hadn't considered — particularly around third-party data sharing with our logistics partners. The fixed fee made it easy to proceed without uncertainty about costs."

Siti Rahimah Tan

Director · E-Commerce SME, Singapore

January 2026

"We used Cempaka Partners for both the assessment and then the policy drafting — a logical sequence that worked well. The assessment findings directly shaped the policies that were developed. Lin Ting's knowledge of the PDPC's position on various consent scenarios was particularly valuable for our work in professional training and certification."

Muhammad Azri

CEO · Training Organisation, Singapore

December 2025

"The data retention schedule and disposal procedures they drafted have made a noticeable difference in how our admin team handles data. Before, there was no clear guidance on when records should be deleted or how. These documents gave us a usable framework. I would have appreciated a slightly faster turnaround, though the quality of the output was not in question."

Kavitha Pillai

Office Manager · Professional Services, Singapore

February 2026

Selected Engagement Outcomes

Details of specific engagements, presented with client consent and without identifying information where requested.

Compliance Assessment · Financial Services · Singapore

Identifying Consent Gaps in a Financial Advisory Practice

SITUATION

A mid-sized financial advisory firm had been operating for several years with consent forms that predated the 2020 PDPA amendments. They were uncertain whether their existing consent mechanisms — including deemed consent provisions — remained compliant with current requirements.

APPROACH

We reviewed all consent forms, customer agreements, and data sharing arrangements with third-party service providers. The assessment referenced PDPC's advisory on the expanded deemed consent framework and identified specific gaps in the organisation's approach to marketing communications.

OUTCOME

Seven specific issues were identified and prioritised in the assessment report. Four were addressed immediately by updating consent forms and customer communications. The remaining three were incorporated into a longer-term policy review. The organisation subsequently engaged us for the policy drafting service to address these remaining items.

"The finding about our marketing consent practices was particularly useful. We hadn't realised that our existing approach no longer aligned with the amended Act."

— Compliance Lead, Financial Advisory Firm

Breach Response Advisory · Technology · Singapore

Supporting a Technology Firm Through a Data Breach Response

SITUATION

A software company identified that a configuration error had exposed a database containing customer contact details for an estimated two-week period before discovery. The organisation was uncertain about its notification obligations and had no documented breach response procedures.

APPROACH

We conducted an initial assessment of the data involved and the likely exposure. Based on the categories of personal data affected and the accessible period, we determined that the incident met the mandatory notification threshold. We prepared the PDPC notification and the client notification template within 48 hours of engagement.

OUTCOME

Notifications were submitted within the mandatory three-day window. The PDPC acknowledged the notification and did not escalate to an investigation at that stage, in part because of the prompt notification and the organisation's cooperative approach. A post-incident review identified three systemic changes to reduce exposure risk.

"When we called, we didn't know where to start. By the time the call was over, we had a clear picture of what needed to happen and in what order. That clarity mattered."

— CTO, Technology Company

Policy Drafting · Retail · Singapore

Building a Complete Data Protection Framework for a Retail Group

SITUATION

A Singapore retail group with three outlets and an e-commerce channel had minimal data protection documentation — a basic privacy notice that had not been updated since 2019 and no internal procedures for handling access requests or data incidents.

APPROACH

We began with a data mapping exercise to understand the group's collection points — in-store loyalty programme, online checkout, email marketing — and the third parties involved. This informed a full documentation suite tailored to their specific operations, including sector-specific considerations for retail under PDPC guidance.

OUTCOME

A complete documentation suite was delivered within three weeks, covering privacy notices, a data breach management plan, a retention schedule, and customer-facing access request procedures. Staff across all three outlets attended the walkthrough session via video. The group reported that staff understanding of data handling responsibilities improved noticeably following the session.

Reach Cempaka Partners

We welcome enquiries from organisations at any stage of their compliance journey. There is no obligation to proceed following an initial conversation.

Office

8 Shenton Way, #36-04
AXA Tower, Singapore 068811

Office Hours

Mon–Fri: 9:00 am – 6:00 pm SGT

Saturday: 9:00 am – 1:00 pm SGT

"The approach at Cempaka Partners is methodical and careful. They took time to understand our organisation before making recommendations — which meant the recommendations were actually relevant to how we operate."

Priya Lakshmanan

General Manager · Professional Services, Singapore

Work With Us

Ready to Discuss Your Data Protection Position?

Whether you have a specific compliance question or want to understand what a structured assessment would involve, we are glad to help.
