What is an IT business?
Also known as a managed IT service provider, an IT business is made up of professional IT specialists who form the core IT team of the company. This team provides companies with expert IT advice and remotely manages their clients’ IT systems.
In addition, an IT business typically charge a monthly subscription fee to their customers. This approach allows them to have recurring monthly revenues, as opposed to one-time transactions.
Finally, in order to limit costs and improve efficiency, most information technology support business use Remote Monitoring and Management (RMM) solutions. An RMM allows them to remotely manage and troubleshoot workstations and servers. With an RMM, the support company can manage the IT of many customers simultaneously.
Legal form for an IT business in Singapore
Pte Ltd or private limited company is one of the most popular IT business forms in Singapore. It is a type of legal entity that can have a limited number of corporate shareholders (20) and its shares are not publicly available. However, it has a clear set of advantages for investors and is subject to a simple incorporation procedure. Information technology support companies are generally limited liability companies.
Licensing Requirement to Operate a Computer Support Company
In Singapore, cyber security matters are regulated by the Cyber Security Act 2018 (CA). Under Section 24 of the CA, any cyber security service provider will need to obtain and maintain a license before it can offer such services in Singapore. As such, IT business that amount to cyber security services must be licensed.
Also, and in accordance with Section 2(1) of the Act, this licensing requirement applies generally to any person or entity who wishes to provide a service for consideration primarily for or in connection with providing or safeguarding the cyber security of a computer or computer system belonging to another person.
Finally, licensed cyber security service providers must meet two criteria if they want to possess this license:
1. Possess “fit and proper person” status.
2. Maintain, for at least 3 years, records of each occasion they are engaged to provide their cyber security service.
Personal Data Protection in Singapore
To protect consumers, Singaporean companies are required to obtain an individual’s consent before they can collect, use or disclose any personal information about them (Personal Data Protection Act of 2012).
Singaporean citizens have the option to register their phone number in the “Do Not Call” (DNC) registry if they do not want to receive advertising. Singapore companies must therefore check their telemarketing efforts against the DNC registry before engaging in marketing, or face penalties. In this sense, the law balances the rights of individuals to protect their personal data with the rights of businesses to use that data for legitimate purposes. The government has set up a personal data protection commission to ensure compliance with this law.
By regulating personal data, the PDPA aims to make Singapore a leader in digital information management policies and consolidate its status as a global place to do business.
In addition, the PDPA’s other general provisions legally require companies to use personal data responsibly:
| ➤ Companies must inform citizens of the purposes for which their data is being used |
| ➤ Businesses must obtain consent for the use of data and must not retain data if there is not a legitimate and reasonable business or legal reason to do so |
| ➤ Companies must appoint an internal data protection officer to oversee all compliance activities |
| ➤ Companies also have an obligation to provide access and rectification upon request and as soon as reasonably practicable |
| ➤ Companies must notify the Personal Data Protection Commission (PDPC) and data subjects if they have suffered a data breach that has caused significant harm to data subjects, or that has affected 500 or more individuals |
