Artifact GuideSingapore PDPADNC marketing

Singapore PDPA DNC and marketing messages

Use this guide to decide when a Singapore PDPA Do Not Call Registry check is required before sending marketing calls, texts, faxes, or number-based app messages to Singapore telephone numbers.

The control should prove the message type, the register checked, the consent or exclusion relied on, the opt-out handling, and who is responsible as sender.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Sections
4

Structured answer sets in this page tree.

Primary sources
4

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

The DNC provisions sit beside the PDPA data protection obligations. For marketing operations, the practical question is whether a planned message is a specified message sent to a Singapore telephone number and, if so, whether the sender has a valid DNC check, clear and unambiguous consent in evidential form, or a supported exclusion.

Section 1

When does a DNC check apply to a Singapore marketing message?

Treat a campaign as DNC-relevant when it sends a specified message to a Singapore telephone number by voice call, text, fax, or a data application that uses the Singapore telephone number. PDPC guidance says Singapore telephone numbers are eight-digit numbers beginning with 3, 6, 8, or 9, and DNC business rules state that only those numbers are accepted for registry checks.

A specified message generally includes commercial marketing purposes such as offering, advertising, or promoting goods, services, land, interests in land, business opportunities, or investment opportunities. The sender must check the relevant DNC Register before sending unless it has clear and unambiguous consent in evidential form from the user or subscriber of the number.

  • Classify the channel: No Voice Call Register for phone calls, No Text Message Register for SMS, MMS, and other text messages, and No Fax Message Register for fax messages.
  • Record the telephone-number validation result before upload: the DNC system accepts eight-digit numbers starting with 3, 6, 8, or 9.
  • Keep the DNC result receipt date because PDPC guidance and business rules describe DNC results as valid for up to 21 days from receipt.
  • If the number appears on the relevant register, do not send the specified message unless a separate clear and unambiguous consent record supports that sender, number, message purpose, and channel.
Sources for this answer
Do Not Call Registry and Your Business
Supports the page scope by explaining that the DNC provisions generally prohibit marketing messages to Singapore telephone numbers listed in the DNC Registry.
Do Not Call Registry Business Rules
Supports the operational lookup steps, accepted Singapore telephone number format, register types, and 21-day validity of DNC check results.
Advisory Guidelines on the Do Not Call Provisions
Supports the legal framing for specified messages, Singapore telephone numbers, the duty to check, and clear and unambiguous consent in evidential form.
Section 3

How should opt-outs, sender identity, and sender responsibility be handled?

Every specified message should identify the sender clearly and give contact information that lets the recipient readily contact the sender. For text and fax messages, the PDPC business guidance also says organisations must provide information on how individuals can opt out using the same medium by which the message is sent. For voice calls containing specified messages, the caller's identity must not be concealed.

Sender responsibility is broader than the team pressing send. PDPC guidance treats the person who actually sends, causes, or authorises the message or voice call as a sender. A brand, agency, campaign manager, and call centre can therefore all need DNC controls depending on the arrangement.

  • Include a sender name or alias that actually identifies the sender; generic pronouns, informal nicknames, or fictitious names are weak identification.
  • Provide direct contact details, such as an operational Singapore telephone number or valid email address; PDPC guidance says short codes and no-reply email addresses are not contact information for readily contacting the sender.
  • Process withdrawal notices within the prescribed period described by PDPC guidance as 21 days, and make agents stop sending messages within the withdrawn scope.
  • When using agencies, call centres, affiliates, or joint-offer partners, document who checks the DNC Register, who holds consent evidence, whose identity appears in the message, and who actioned opt-outs.
Sources for this answer
Do Not Call Registry and Your Business
Supports practical requirements for opt-out information, sender identification for text and fax messages, and non-concealment of caller identity.
Advisory Guidelines on the Do Not Call Provisions
Supports sender responsibility, identification and contact information requirements, and the 21-day period for effecting withdrawal of DNC consent.
Section 4

Which messages and number sources need special treatment?

Do not send every operational message through the DNC workflow. PDPC guidance identifies excluded messages, including messages by public agencies for non-commercial programmes, personal or domestic messages, emergency messages, transaction confirmations, warranty, recall, safety or security information, delivery of product updates or services the recipient is entitled to receive, market research or survey messages with no marketing element, and B2B messages sent to an organisation for that organisation's purposes.

The exclusion analysis must be strict. If a message mixes an excluded purpose with advertising or promotion that is not excluded, treat it as a specified message and apply the DNC check or consent path. Separately, do not use generated or harvested number lists: PDPC guidance says section 48B prohibits sending, causing, or authorising any message where the recipient telephone number was obtained by dictionary attack or address-harvesting.

  • For ongoing-relationship messages, confirm the message's sole purpose relates to the subject of that ongoing relationship; a one-off transaction alone does not establish the relationship.
  • For survey or market research outreach, keep the script free of goods, services, supplier promotion, or disguised incentives that convert the contact into a specified message.
  • For B2B outreach, document that the message is sent to an organisation for the receiving organisation's purposes, not to an individual acting in a personal or domestic capacity.
  • Screen lead-generation sources for address-harvesting software, random or sequential number generation, and automated number permutations; a DNC check does not cure a dictionary-attack source.
Sources for this answer
Advisory Guidelines on the Do Not Call Provisions
Supports the excluded-message categories, the limits on ongoing-relationship and B2B exclusions, and the prohibition on dictionary attacks and address-harvesting software.
Personal Data Protection Act 2012
Supports the statutory existence of the Eighth Schedule exclusions and section 48B prohibition referenced by the PDPC DNC guidance.
Recommended next step

Turn Singapore PDPA DNC checks into campaign controls

Use this guide to build campaign intake fields for message purpose, Singapore telephone number format, DNC result date, consent evidence, opt-out handling, sender identity, and excluded-message review.

Assessment workflow
Open Assessment Autopilot for Singapore PDPA

Convert DNC marketing checks into campaign questions, evidence requests, and assigned review tasks.

Explore next step
Research workflow
Review Singapore PDPA source evidence

Use Research Copilot to verify DNC edge cases against official PDPC and Singapore Statutes Online sources.

Explore next step
Talk to Sorena
Talk through Singapore PDPA DNC implementation

Review marketing-message scope, consent records, opt-out handling, and sender responsibility with Sorena.

Explore next step
Primary sources

References and citations

Advisory Guidelines on the Do Not Call Provisions
pdpc.gov.sg
Referenced sections
  • Supports the excluded-message categories, the limits on ongoing-relationship and B2B exclusions, and the prohibition on dictionary attacks and address-harvesting software.
"Messages excluded from the definition of a specified message"
Do Not Call Registry and Your Business
pdpc.gov.sg
Referenced sections
  • Supports practical requirements for opt-out information, sender identification for text and fax messages, and non-concealment of caller identity.
"Provide information on how individuals can opt out"
Do Not Call Registry Business Rules
pdpc.gov.sg
Referenced sections
  • Supports the operational lookup steps, accepted Singapore telephone number format, register types, and 21-day validity of DNC check results.
"Only 8-digit numbers starting with 3, 6, 8 or 9"
Personal Data Protection Act 2012
sso.agc.gov.sg
Referenced sections
  • Supports the statutory existence of the Eighth Schedule exclusions and section 48B prohibition referenced by the PDPC DNC guidance.
"EIGHTH SCHEDULE Exclusion from meaning of specified message"
Related guides

Explore more topics

Singapore PDPA Anonymisation and DPIA Records
Build Singapore PDPA anonymisation and DPIA records around PDPC guidance: release model, re-identification risk, data flows, action plans, safeguards, and monitoring.
Singapore PDPA anonymisation FAQ
FAQ on anonymisation under the Singapore PDPA: de-identification, pseudonymisation, re-identification risk, when PDPA may no longer apply, and evidence records.
Singapore PDPA Applicability Test
Test whether Singapore PDPA obligations apply by checking personal data, organisation role, data intermediary status, public agency and individual boundaries, and business contact information.
Singapore PDPA Breach Notification Playbook
A grounded Singapore PDPA breach-notification playbook covering assessment, notifiable-breach thresholds, PDPC and affected-individual notification steps, roles, records, and citations.
Singapore PDPA breach notification thresholds FAQ
FAQ on Singapore PDPA notifiable data breach tests: significant harm, significant scale, 500 affected individuals, assessment timing, PDPC notices, and affected-individual notices.
Singapore PDPA Breach Notification Workflow
A grounded Singapore PDPA workflow for containing a personal data breach, assessing notifiability, notifying PDPC or affected individuals, and retaining evidence.
Singapore PDPA Compliance Checklist
A grounded Singapore PDPA checklist for scope, DPO accountability, consent, data intermediaries, breach notification, DNC checks, transfers, and evidence records.
Singapore PDPA Compliance Guide
Build a Singapore PDPA compliance plan covering DPO accountability, consent and notification, protection, retention, access and correction, transfers, breach notification, and DNC checks.
Singapore PDPA Consent and Deemed Consent Workflow
Choose express consent, deemed consent by conduct, contractual necessity, notification, or the legitimate interests exception under Singapore PDPA with grounded intake fields and evidence records.
Singapore PDPA Consent, Notification and Purpose Rules
How Singapore PDPA consent, notification, purpose limitation, deemed consent, withdrawal, and consent exceptions should be handled in product and privacy workflows.
Singapore PDPA Cross-Border Transfers
Grounded Singapore PDPA guidance for overseas personal data transfers, comparable protection, ASEAN MCCs, APEC certifications, vendor roles, and evidence records.
Singapore PDPA Data Breach Notification Thresholds
Grounded Singapore PDPA breach notification thresholds covering significant harm, the 500-individual significant-scale test, assessment records, and notification timing.
Singapore PDPA Data Intermediaries FAQ
FAQ guidance on Singapore PDPA data intermediary roles, direct obligations, organisation accountability, contracts, retention, protection, and breach escalation.
Singapore PDPA Data Intermediary Responsibilities
Practical Singapore PDPA guide to data intermediary role boundaries, organisation accountability, protection, retention, breach escalation, and contract evidence.
Singapore PDPA Deadlines and Compliance Calendar
A grounded Singapore PDPA compliance calendar for breach notification, DNC checks, access and correction requests, retention reviews, and DPMP maintenance.
Singapore PDPA Deemed Consent and Legitimate Interests
How to apply Singapore PDPA deemed consent by conduct, contractual necessity, notification, and legitimate interests with opt-out, adverse-effect, disclosure, and assessment records.
Singapore PDPA Deemed Consent FAQ
FAQ on Singapore PDPA deemed consent by conduct, contractual necessity, notification, opt-out periods, adverse-effect assessment, withdrawal, and direct-marketing limits.
Singapore PDPA DNC checking FAQ: when to check the DNC Registry
FAQ guidance on Singapore PDPA DNC checking: when to check the DNC Registry, which registers apply, 8-digit numbers, 21-day result validity, consent evidence, on-behalf checks, opt-outs, and supported exclusions.
Singapore PDPA DNC Marketing Checks
Operational checklist for Singapore PDPA DNC marketing checks: account evidence, register status, 21-day result validity, consent evidence, and campaign owner records.
Singapore PDPA DNC Marketing Workflow
Workflow for Singapore PDPA DNC marketing campaigns: classify specified messages, check Singapore telephone numbers, document consent, suppress opt-outs, and approve sends.
Singapore PDPA DPIAs: when to run and what to document
FAQ-style implementation guidance on Singapore PDPA DPIAs, including when PDPC guidance recommends them, data-flow mapping, risk treatment, DPO review, and evidence records.
Singapore PDPA DPMP Accountability FAQ | DPO, Policies, Evidence
FAQ for implementing Singapore PDPA accountability through a DPMP: DPO designation, policies, evidence, training, monitoring, incident logs, and review records.
Singapore PDPA DPMP Accountability Guide
Build a Singapore PDPA Data Protection Management Programme with DPO ownership, policies, data inventories, DPIAs, training, monitoring, breach logs, and review records.
Singapore PDPA FAQ: scope, DPO, consent, breaches and DNC
FAQ answers for Singapore PDPA implementation, covering scope, accountability, consent, access and correction, security, retention, transfers, data intermediaries, breach notification, and DNC checks.
Singapore PDPA legitimate interests FAQ
FAQ guidance on Singapore PDPA legitimate interests: assessment fields, adverse effects, mitigation, balancing, disclosure, records, and marketing limits.
Singapore PDPA NRIC Handling FAQ
FAQ guidance on when Singapore organisations may collect, use, disclose, retain, mask, or replace NRIC and other national identification numbers under PDPC guidance.
Singapore PDPA NRIC Handling Rules
When Singapore organisations may collect, use, disclose, retain, mask, or replace NRIC numbers under PDPC guidance.
Singapore PDPA Penalties and Enforcement Cases
How PDPC enforcement under Singapore's PDPA works: directions, voluntary undertakings, published decisions, financial penalty caps, and implementation lessons from cases.
Singapore PDPA Penalties and Fines
Singapore PDPA penalty ceilings, PDPC directions, undertakings, breach notification context, and practical controls grounded in official PDPC and Singapore Statutes sources.
Singapore PDPA Privacy Policy Template
A Singapore PDPA privacy policy template for writing notices, DPO contact details, access and correction routes, retention, transfers, protection, withdrawal, and complaint handling without overclaiming compliance.
Singapore PDPA Requirements: Core Obligations
Map Singapore PDPA obligations across consent, notification, access, security, retention, transfers, accountability, breaches, DNC checks, and data intermediaries.
Singapore PDPA Scope, Exclusions, and Data Intermediaries
Classify Singapore PDPA coverage, business contact information, personal or domestic activity, employee acts, and data intermediary obligations with grounded implementation records.
Singapore PDPA Transfer Assessment Workflow
A Singapore PDPA workflow for assessing overseas personal data transfers, comparable protection, ASEAN MCCs, APEC CBPR/PRP certifications, vendor due diligence, onward transfers, and evidence records.
Singapore PDPA Transfer Clauses
Draft Singapore PDPA transfer clauses for overseas vendors, affiliates, data intermediaries, onward transfers, breach support, ASEAN MCCs, and APEC CBPR or PRP evidence.
Singapore PDPA transfer clauses FAQ
FAQ guidance on Singapore PDPA transfer clauses, comparable protection, ASEAN MCCs, APEC CBPR and PRP certifications, onward transfers, and evidence records.
Singapore PDPA Vendor Outsourcing and Contracts
Contract and operating checklist for Singapore PDPA vendor outsourcing: data intermediary status, written terms, security, retention, breach, transfers, sub-contracting, and exit evidence.
Singapore PDPA vs GDPR Comparison
Compare Singapore PDPA and GDPR implementation work across consent, DPO accountability, processors, transfers, breach notification, DNC marketing, rights, retention, and penalties.