Organisations in Singapore will have to comply with rules on the collection, use, disclosure and care of personal data in the Data Protection provisions of the Personal Data Protection Act 2012 (PDPA) beginning Wednesday.

Along with the implementation of the Do Not Call provisions on Jan 2, 2014, the PDPA will now be in full effect after an 18-month transition period for companies to prepare for compliance.

Personal Data Protection Commission (PDPC) chairman Leong Keng Thai said, with increasingly more data being generated and shared, the PDPA was necessary in order to strengthen Singapore's position as a trusted global data hub.

"With the PDPA in place, individuals' personal data will also now be better protected.

"However, we advise individuals to continue to be careful with their personal data and whom they provide their personal data to so as to reduce the likelihood of misuse," he said in a statement released by PDPC.

PDPA will also provide individuals greater control and protection of their personal data while allowing organisations the ability to collect, use or disclose personal data for purposes that were reasonable and appropriate.

From Wednesday, PDPC said organisations would have to notify individuals of the purposes for which their personal data was being collected, used or disclosed and obtain their consent to do so.

They can, however, continue to use personal data collected before Wednesday for the purposes for which the personal data was collected without obtaining fresh consent, unless the individual has asked the organisation to stop doing so.

Fresh consent will be needed if the personal data is used for new purposes.

In addition, individuals will now have the right to access and correct their personal data.

Organisations engaging in data activities in Singapore that do not comply with the PDPA may be issued a financial penalty not exceeding S$1 million (RM2.5 million).