Cybersecurity, Privacy and Data Protection

Data Protection-as-a-Service for SMEs (DPaaS@SMEs)

Harry Elias Partnership LLP is one of the DPaaS@SMEs Providers registered with IMDA. 

We are able to provide SMEs with basic data protection practices to foster consumer trust and confidence to use data to maximise business value.

The DPaaS@SMEs Package covers both a one-time setup for basic data protection and annual retainer service.

Key components of the DPaaS@SMEs Package include:

  • Data Protection Management
  • Data Breach Management
  • Training and Communications

For more information, please contact KK Lim, our Head, Cybersecurity, Privacy and Data Protection at or +65 6361 9307

Our Practice Profile

We provide the following compliance review and assessment in relation to Information Technology, generally followed by the specific areas within the  technologies: the cybersecurity, privacy and data protection requirements that are necessary for your company to operate within the legal regimes for compliance regardless whether your company is located in Singapore or in the region.  

Our Approach

Understanding the Business Concerns of the Client

It is a fundamental belief of this practice that it is critical to understand the business concerns and the challenges that a client faces, before even commencing to review their legal needs.  

The solutions we provide must not only be legally sound, it must be also meet the market demands of our client’s customers and help our clients grow their markets. In addition, we will consider their future digital strategy.

Technical Assessment Considered

While we remain engaged primarily as your lawyers, our review will take into consideration your technical posture. Technology plays a significant part in any Company’s operations. Our team members also qualified in other jurisdictions apart from Singapore.

Pre-breach Compliance Review & Assessment

A “stitch in time saves nine” is equally applicable in today’s highly regulated and technologically driven commercial operations. We will review your operations against the applicable legal regimes on cybersecurity, privacy and data protection to ensure that your Company is legally compliant.

We will also review the current technical stage of maturity to ensure that your legal policies are practical and implementable. We will also consider any third-party systems or supplier’s systems connected to your Company’s infrastructure that may impact your legal liability.

Post-Breach Assessment /Incident Response  

In the unfortunate situation where there is a data breach or an incident occurring in your operations, we will review the current policy controls and technical vulnerabilities leading to the attack and the remediation to be implemented. This may include carrying out forensic examination of your network system including IOS (Apple) and/or (Android) mobile devices.

Singapore’s Critical Information Infrastructure (CII) Audit

Apart from the regular legal regimes governing personal data, Singapore’s 43 specific industries nominated as critical infrastructure owners, or CIIs, are subjected to additional legal compliance regimes, including regular audits under the Cybersecurity Act of 2018.

We provide advice on licensing of cybersecurity providers as well as advice to technology companies involved in this space.

Cloud Services

This may include a review against your current cloud service providers for your email, storage, and related cloud-based applications.

Post Breach Representation & Defence

Where the cause of your breach is due to a third-party fault, resulting in damage to you or your supplier, a claim against your Company, a regulator’s audit and/or investigation on your Company, our suite of experienced trial lawyers, mediators, and arbitrators together with our technical experts will combine their expertise to provide the necessary legal support for your company.

We work closely with our clients to employ a dispute resolution strategy that encompasses litigation, international arbitration, mediation and negotiated commercial settlements to achieve efficient outcomes in a cost-effective manner.

The Results

Legally Privileged Remediation Report

We will provide a legally privileged report to your Company covering both legal and technical remediations that the Company will need to undertake.

General Data Protection Regulations (GDPR) / Benchmarking Exercise

Companies operating globally must consider the implication of major legal regimes such  GDPR in countries like Singapore that have a different regime in protecting personal data. We also provide the necessary benchmarking exercises to examine the gaps and differences between different regimes and to ensure compliance with these different regimes.  

Technology Acquisition Due Diligence

Technology is a major consideration in the acquisition of companies. We provide the necessary due diligence including assessment of the application security, robustness and  legal due diligence required.

Mobile /Social Media Legal & Technical Advisory

As more and not less workers are using their personal mobile devices and the myriad of social media messaging systems such as WhatsApp, WeChat etc to communicate both personal and commercially sensitive information, we are happy to provide a legal review of the Company’s policies and solutions where relevant, to ensure that your Company’s trade and other secrets are protected.

Technology in Personal Disputes: Employment & Family Matters

The deployment of technology has also invaded our private spaces. We provide the necessary legal and technical support and advise within the context of employment and family matters.

In employment space, these would cover internal theft, sabotage, disputes on creation and ownership of technology, and defamation through different social messaging applications.

In family matters, we provide advise relating to obtaining technical evidence on computer systems and extraction of evidence from locked devices for family related disputes.

Technology Related Dispute Mediation Services

We understand that some clients may prefer for their disputes not to proceed to litigation, and that some may prefer for their disputes to be settled privately and away from the public glare. As we have the necessary technical understanding, our team stands ready to assist you in this area.


Francis Goh

Head, International Arbitration
Head, Private Client Advisory
+65 6361 9835
+65 6438 0550

Recent Awards