What is PDPA and how do I comply in Magento?

The Personal Data Protection Act 2012 (revised 2021) is Singapore’s GDPR-equivalent. Three layers to wire into Magento:

1. Consent & notification — explicit opt-in for personal-data collection. Cookie banner with granular toggles (essential / analytics / marketing). We integrate Cookiebot / Usercentrics / Klaro with Magento’s native cookie API + GTM.
2. DNC (Do-Not-Call) registry — before any SMS / WhatsApp / call marketing, scrub against the SG DNC list. Wire via API on outbound campaigns.
3. DSAR / deletion / portability — customers can request access, correction, deletion of their data. We build admin tools + automated flows in customer + sales_order tables.

Plus Spam Control Act for unsolicited commercial email (opt-in + unsubscribe + sender ID), and MAS guidelines if you’re fintech-adjacent (BNPL, crypto-tangential, regulated payments).