--- title: "Singapore PDPA DNC Marketing Workflow" canonical_url: "https://www.sorena.io/artifacts/apac/singapore-pdpa/dnc-marketing-workflow" source_url: "https://www.sorena.io/artifacts/apac/singapore-pdpa/dnc-marketing-workflow" author: "Sorena AI" description: "Workflow for Singapore PDPA DNC marketing campaigns: classify specified messages, check Singapore telephone numbers, document consent, suppress opt-outs, and approve sends." published_at: "2026-05-09" updated_at: "2026-05-09" keywords: - "Singapore PDPA DNC workflow" - "DNC Registry marketing" - "specified message" - "Singapore telephone number" - "telemarketing consent" - "Singapore PDPA" - "DNC Registry" - "telemarketing" - "marketing compliance" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # Singapore PDPA DNC Marketing Workflow Workflow for Singapore PDPA DNC marketing campaigns: classify specified messages, check Singapore telephone numbers, document consent, suppress opt-outs, and approve sends. *Workflow* *Singapore PDPA* *DNC Registry* ## DNC marketing workflow for Singapore PDPA campaigns Use this workflow before sending marketing calls, texts, faxes, or telephone-number-based app messages to Singapore telephone numbers. It turns DNC campaign intake into specified-message classification, register checks, consent evidence, opt-out suppression, vendor controls, and approval records. This workflow is for campaign owners, lifecycle marketers, privacy reviewers, and vendors preparing outbound marketing to Singapore telephone numbers. It should be validated against jurisdiction-specific legal, contractual, and policy requirements before implementation, but it gives teams a concrete operating record for DNC screening and approval. ## 1. Intake the campaign before any send list is loaded Start with a campaign intake record, not with a channel upload. Record the product or service being promoted, the sender brand, the actual sender or vendor, every channel, the source of the telephone numbers, and whether the list contains Singapore telephone numbers. Treat a Singapore telephone number as an 8-digit number beginning with 3, 6, 8, or 9. If the list is mixed-market or partially formatted, normalize and separate the Singapore numbers before DNC review. - Campaign fields: campaign name, business owner, sender identity, vendor or agency, channel, message copy, landing page, offer, audience source, intended send date, and approver. - List fields: upload source, number format, Singapore-number filter, deduplication result, suppression-list match, DNC check batch ID, and rejected-number file if bulk filtering is used. - Vendor fields: whether the vendor is checking on behalf of another organisation, the organisation named in the DNC declaration, and the file returned to the campaign owner. - Stop the launch if the campaign owner cannot identify who authorised the message, who will send it, or which register applies to the channel. Sources for this answer: - [Do Not Call Registry Business Rules](https://www.pdpc.gov.sg/Overview-of-PDPA/Do-Not-Call-Registry/Business-Owner/Do-Not-Call-Registry-Business-Rules?ref=sorena.io) - Supports number-format intake, account setup, on-behalf checking, small-number lookup, bulk filtering, returned files, and result validity. - [Advisory Guidelines on the DNC Provisions](https://www.pdpc.gov.sg/guidelines-and-consultation/2020/02/advisory-guidelines-on-the-do-not-call-provisions?ref=sorena.io) - Defines Singapore telephone number and explains that DNC obligations apply to specified messages sent to those numbers. ## 2. Classify whether the message is a specified message Classify the message by purpose, not by campaign label. A message is in scope when its purpose, or one of its purposes, is to advertise, promote, or offer goods, services, land, an interest in land, a business opportunity, or an investment opportunity, or to promote the supplier or prospective supplier. Do not treat a consent-request SMS or call as low risk just because it asks for permission. PDPC guidance treats offers to send specified messages, and requests for consent sent to a Singapore telephone number, as specified messages when they promote future offers. - Mark in scope when the copy promotes an offer, sale, membership, investment, property, supplier, event, seminar, course, or future promotional messages. - Mark out of DNC scope only with a recorded reason, such as a sole response to an individual's request for information, a service or reminder message, market survey or research, charitable or religious cause, or a message targeting businesses and not individuals. - For third-party referrals, record whether the individual actually requested information or gave clear and unambiguous consent for this sender to send specified messages. - Escalate mixed-purpose copy if any part of the message promotes goods, services, land, business opportunities, investment opportunities, or a supplier. Sources for this answer: - [Advisory Guidelines on the DNC Provisions](https://www.pdpc.gov.sg/guidelines-and-consultation/2020/02/advisory-guidelines-on-the-do-not-call-provisions?ref=sorena.io) - Supports purpose-based classification of specified messages and consent-request messages sent to Singapore telephone numbers. - [Do Not Call Registry and Your Business](https://www.pdpc.gov.sg/overview-of-pdpa/do-not-call-registry/business-owner/do-not-call-registry-and-your-business?ref=sorena.io) - Lists common marketing-message purposes and examples of message categories that businesses may send outside DNC checking. ## 3. Choose the register check or document the consent exception If the message is a specified message to a Singapore telephone number, choose the register that matches the channel: No Voice Call Register for voice or video calls, No Text Message Register for SMS, MMS, and other text, sound, or visual messages that use a Singapore telephone number, and No Fax Message Register for faxes. The normal control is a DNC Registry check before sending. The main exception is clear and unambiguous consent in evidential form from the user or subscriber of the number for this sender and message channel. - For DNC checks, store the submission method, submitted file, receipt timestamp, returned filtered-number file, summary file, rejected-number file, and register status used for the campaign decision. - For consent exceptions, store the consent wording, channel covered, positive action taken by the individual, date and time, form or page shown, number consented to, and the system log or document that can be reproduced later. - Do not rely on passive failure to opt out as clear and unambiguous consent. - Do not require telemarketing consent as a condition of supplying goods or services unless the consent is reasonable for the supply. Sources for this answer: - [Advisory Guidelines on the DNC Provisions](https://www.pdpc.gov.sg/guidelines-and-consultation/2020/02/advisory-guidelines-on-the-do-not-call-provisions?ref=sorena.io) - Supports the duty to check unless clear and unambiguous consent in evidential form has been obtained. - [Do Not Call Registry Business Rules](https://www.pdpc.gov.sg/Overview-of-PDPA/Do-Not-Call-Registry/Business-Owner/Do-Not-Call-Registry-Business-Rules?ref=sorena.io) - Supports the three-register channel split and the files returned by bulk filtering. ## 4. Suppress opt-outs and keep result validity visible DNC approval should expire with the DNC result, not with the campaign plan. Results returned from the DNC Registry are valid for up to 21 days; if the campaign send continues after that period, recheck the remaining Singapore telephone numbers before continuing telemarketing. Consent and opt-out handling need their own suppression control. When an individual withdraws consent or opts out through the medium used for the message, update the suppression list and stop further messages to that number within the prescribed period supported by the guidance. - Approval status values: not a specified message, DNC checked and clear, consent exception approved, suppressed, rejected number, recheck required, or escalated. - Suppression fields: number, channel, sender or brand, opt-out source, received timestamp, scope of withdrawal, suppression applied timestamp, owner, and audit evidence. - Recheck trigger: DNC result older than 21 days, changed sender, changed message purpose, new number list, new channel, withdrawn consent, or vendor file replaced. - Campaign systems should block sends when the DNC check has expired, the number appears on the relevant register, consent evidence is missing, or an opt-out has not been applied. Sources for this answer: - [Do Not Call Registry Business Rules](https://www.pdpc.gov.sg/Overview-of-PDPA/Do-Not-Call-Registry/Business-Owner/Do-Not-Call-Registry-Business-Rules?ref=sorena.io) - Supports the 21-day validity period for DNC Registry results and the need to recheck after expiry. - [Do Not Call Registry and Your Business](https://www.pdpc.gov.sg/overview-of-pdpa/do-not-call-registry/business-owner/do-not-call-registry-and-your-business?ref=sorena.io) - Supports same-medium opt-out information and the 21-day period for stopping marketing messages after opt-out. ## 5. Approve sender, vendor, and message evidence before launch Approval should cover both the person actually sending the message and anyone who caused or authorised the send. A brand owner, agency, and call centre can each be a sender depending on the arrangement, so the approval record should show who authorised the campaign and who performed each send or check. If a third-party checker or aggregator is used, do not treat that vendor as an official substitute for campaign approval. Keep the DNC file, date received, expiry, and any on-behalf declaration with the campaign record, and require the vendor to return enough evidence for the sender to verify the decision. - Message approval evidence: final copy, sender identification, contact details that recipients can readily use, caller-line identity controls for voice calls, landing page, and channel. - Sender responsibility evidence: authorising organisation, agency or vendor, call centre or platform, agreement term restricting unauthorised specified messages, and owner of DNC checking. - Vendor evidence: DNC checking account or on-behalf declaration, returned result file, result receipt date, expiry date, rejected-number handling, and confirmation that the vendor is not using dictionary attacks or address-harvesting. - Final approval should name the approver, list the source evidence reviewed, state the approved audience and channel, and record the date by which recheck or reapproval is required. Sources for this answer: - [Advisory Guidelines on the DNC Provisions](https://www.pdpc.gov.sg/guidelines-and-consultation/2020/02/advisory-guidelines-on-the-do-not-call-provisions?ref=sorena.io) - Supports sender responsibility for actual sending, causing, or authorising marketing messages, including agency and call-centre arrangements. - [Welcome to the Do Not Call Registry](https://www.dnc.gov.sg/?ref=sorena.io) - Supports caution that PDPC does not endorse third-party DNC services and that organisations remain liable when aggregators miss listed numbers. *Recommended next step* *Placement: after the practical guidance* ## Turn DNC campaign checks into assigned work Use this Singapore PDPA DNC workflow to assign campaign intake, register checking, consent evidence review, suppression controls, vendor follow-up, and final launch approval. - [Open Assessment Autopilot for Singapore PDPA](/solutions/assessment.md): Convert DNC campaign intake into scoped questions, owners, evidence fields, and approval tasks. - [Review DNC source evidence](/solutions/research-copilot.md): Use Research Copilot to check follow-up questions against the cited PDPC and DNC source material. - [Talk through implementation](/contact.md): Review campaign scope, sender roles, consent evidence, suppression controls, and vendor responsibilities with Sorena. ## Primary sources - [Do Not Call Registry and Your Business](https://www.pdpc.gov.sg/overview-of-pdpa/do-not-call-registry/business-owner/do-not-call-registry-and-your-business?ref=sorena.io) - Official PDPC business guidance for DNC marketing messages, opt-out handling, consent exceptions, third-party checkers, and examples of messages businesses may send. - Quote: "Provide information on how individuals can opt out" - [Do Not Call Registry Business Rules](https://www.pdpc.gov.sg/Overview-of-PDPA/Do-Not-Call-Registry/Business-Owner/Do-Not-Call-Registry-Business-Rules?ref=sorena.io) - Official PDPC operational guidance for DNC accounts, number format, small lookup, bulk filtering, returned files, charges, and result validity. - Quote: "Results will be available within 24 hours." - [Advisory Guidelines on the DNC Provisions](https://www.pdpc.gov.sg/guidelines-and-consultation/2020/02/advisory-guidelines-on-the-do-not-call-provisions?ref=sorena.io) - Official PDPC advisory guidelines supporting specified-message classification, consent evidence, sender responsibility, identification, contact information, and DNC checking. - Quote: "Definition of a Specified Message" - [Welcome to the Do Not Call Registry](https://www.dnc.gov.sg/?ref=sorena.io) - Official DNC Registry landing page supporting consumer registration, organisation checking, and caution about third-party DNC service providers. - Quote: "Organisations must check with the DNC Registry" ## Related Topic Guides - [Singapore PDPA Anonymisation and DPIA Records](/artifacts/apac/singapore-pdpa/anonymisation-and-dpias.md): Build Singapore PDPA anonymisation and DPIA records around PDPC guidance: release model, re-identification risk, data flows, action plans, safeguards, and monitoring. - [Singapore PDPA anonymisation FAQ](/artifacts/apac/singapore-pdpa/faq/anonymisation.md): FAQ on anonymisation under the Singapore PDPA: de-identification, pseudonymisation, re-identification risk, when PDPA may no longer apply, and evidence records. - [Singapore PDPA Applicability Test](/artifacts/apac/singapore-pdpa/applicability-test.md): Test whether Singapore PDPA obligations apply by checking personal data, organisation role, data intermediary status, public agency and individual boundaries, and business contact information. - [Singapore PDPA Breach Notification Playbook](/artifacts/apac/singapore-pdpa/breach-notification-playbook.md): A grounded Singapore PDPA breach-notification playbook covering assessment, notifiable-breach thresholds, PDPC and affected-individual notification steps, roles, records, and citations. - [Singapore PDPA breach notification thresholds FAQ](/artifacts/apac/singapore-pdpa/faq/breach-thresholds.md): FAQ on Singapore PDPA notifiable data breach tests: significant harm, significant scale, 500 affected individuals, assessment timing, PDPC notices, and affected-individual notices. - [Singapore PDPA Breach Notification Workflow](/artifacts/apac/singapore-pdpa/breach-notification-workflow.md): A grounded Singapore PDPA workflow for containing a personal data breach, assessing notifiability, notifying PDPC or affected individuals, and retaining evidence. - [Singapore PDPA Compliance Checklist](/artifacts/apac/singapore-pdpa/checklist.md): A grounded Singapore PDPA checklist for scope, DPO accountability, consent, data intermediaries, breach notification, DNC checks, transfers, and evidence records. - [Singapore PDPA Compliance Guide](/artifacts/apac/singapore-pdpa/compliance.md): Build a Singapore PDPA compliance plan covering DPO accountability, consent and notification, protection, retention, access and correction, transfers, breach notification, and DNC checks. - [Singapore PDPA Consent and Deemed Consent Workflow](/artifacts/apac/singapore-pdpa/consent-and-deemed-consent-selection-workflow.md): Choose express consent, deemed consent by conduct, contractual necessity, notification, or the legitimate interests exception under Singapore PDPA with grounded intake fields and evidence records. - [Singapore PDPA Consent, Notification and Purpose Rules](/artifacts/apac/singapore-pdpa/consent-notification-and-purposes.md): How Singapore PDPA consent, notification, purpose limitation, deemed consent, withdrawal, and consent exceptions should be handled in product and privacy workflows. - [Singapore PDPA Cross-Border Transfers](/artifacts/apac/singapore-pdpa/cross-border-transfers.md): Grounded Singapore PDPA guidance for overseas personal data transfers, comparable protection, ASEAN MCCs, APEC certifications, vendor roles, and evidence records. - [Singapore PDPA Data Breach Notification Thresholds](/artifacts/apac/singapore-pdpa/breach-notification-thresholds.md): Grounded Singapore PDPA breach notification thresholds covering significant harm, the 500-individual significant-scale test, assessment records, and notification timing. - [Singapore PDPA Data Intermediaries FAQ](/artifacts/apac/singapore-pdpa/faq/data-intermediaries.md): FAQ guidance on Singapore PDPA data intermediary roles, direct obligations, organisation accountability, contracts, retention, protection, and breach escalation. - [Singapore PDPA Data Intermediary Responsibilities](/artifacts/apac/singapore-pdpa/data-intermediary-responsibilities.md): Practical Singapore PDPA guide to data intermediary role boundaries, organisation accountability, protection, retention, breach escalation, and contract evidence. - [Singapore PDPA Deadlines and Compliance Calendar](/artifacts/apac/singapore-pdpa/deadlines-and-compliance-calendar.md): A grounded Singapore PDPA compliance calendar for breach notification, DNC checks, access and correction requests, retention reviews, and DPMP maintenance. - [Singapore PDPA Deemed Consent and Legitimate Interests](/artifacts/apac/singapore-pdpa/deemed-consent-and-legitimate-interests.md): How to apply Singapore PDPA deemed consent by conduct, contractual necessity, notification, and legitimate interests with opt-out, adverse-effect, disclosure, and assessment records. - [Singapore PDPA Deemed Consent FAQ](/artifacts/apac/singapore-pdpa/faq/deemed-consent.md): FAQ on Singapore PDPA deemed consent by conduct, contractual necessity, notification, opt-out periods, adverse-effect assessment, withdrawal, and direct-marketing limits. - [Singapore PDPA DNC and Marketing Messages Guide](/artifacts/apac/singapore-pdpa/dnc-and-marketing-messages.md): A grounded Singapore PDPA guide to DNC checks, specified marketing messages, Singapore telephone numbers, consent evidence, opt-outs, sender duties, and excluded messages. - [Singapore PDPA DNC checking FAQ: when to check the DNC Registry](/artifacts/apac/singapore-pdpa/faq/dnc-checking.md): FAQ guidance on Singapore PDPA DNC checking: when to check the DNC Registry, which registers apply, 8-digit numbers, 21-day result validity, consent evidence, on-behalf checks, opt-outs, and supported exclusions. - [Singapore PDPA DNC Marketing Checks](/artifacts/apac/singapore-pdpa/dnc-marketing-checks.md): Operational checklist for Singapore PDPA DNC marketing checks: account evidence, register status, 21-day result validity, consent evidence, and campaign owner records. - [Singapore PDPA DPIAs: when to run and what to document](/artifacts/apac/singapore-pdpa/faq/dpias.md): FAQ-style implementation guidance on Singapore PDPA DPIAs, including when PDPC guidance recommends them, data-flow mapping, risk treatment, DPO review, and evidence records. - [Singapore PDPA DPMP Accountability FAQ | DPO, Policies, Evidence](/artifacts/apac/singapore-pdpa/faq/dpmp-accountability.md): FAQ for implementing Singapore PDPA accountability through a DPMP: DPO designation, policies, evidence, training, monitoring, incident logs, and review records. - [Singapore PDPA DPMP Accountability Guide](/artifacts/apac/singapore-pdpa/dpmp-accountability.md): Build a Singapore PDPA Data Protection Management Programme with DPO ownership, policies, data inventories, DPIAs, training, monitoring, breach logs, and review records. - [Singapore PDPA FAQ: scope, DPO, consent, breaches and DNC](/artifacts/apac/singapore-pdpa/faq.md): FAQ answers for Singapore PDPA implementation, covering scope, accountability, consent, access and correction, security, retention, transfers, data intermediaries, breach notification, and DNC checks. - [Singapore PDPA legitimate interests FAQ](/artifacts/apac/singapore-pdpa/faq/legitimate-interests.md): FAQ guidance on Singapore PDPA legitimate interests: assessment fields, adverse effects, mitigation, balancing, disclosure, records, and marketing limits. - [Singapore PDPA NRIC Handling FAQ](/artifacts/apac/singapore-pdpa/faq/nric-handling.md): FAQ guidance on when Singapore organisations may collect, use, disclose, retain, mask, or replace NRIC and other national identification numbers under PDPC guidance. - [Singapore PDPA NRIC Handling Rules](/artifacts/apac/singapore-pdpa/nric-handling.md): When Singapore organisations may collect, use, disclose, retain, mask, or replace NRIC numbers under PDPC guidance. - [Singapore PDPA Penalties and Enforcement Cases](/artifacts/apac/singapore-pdpa/pdpa-penalties-and-enforcement-cases.md): How PDPC enforcement under Singapore's PDPA works: directions, voluntary undertakings, published decisions, financial penalty caps, and implementation lessons from cases. - [Singapore PDPA Penalties and Fines](/artifacts/apac/singapore-pdpa/penalties-and-fines.md): Singapore PDPA penalty ceilings, PDPC directions, undertakings, breach notification context, and practical controls grounded in official PDPC and Singapore Statutes sources. - [Singapore PDPA Privacy Policy Template](/artifacts/apac/singapore-pdpa/pdpa-privacy-policy-template.md): A Singapore PDPA privacy policy template for writing notices, DPO contact details, access and correction routes, retention, transfers, protection, withdrawal, and complaint handling without overclaiming compliance. - [Singapore PDPA Requirements: Core Obligations](/artifacts/apac/singapore-pdpa/requirements.md): Map Singapore PDPA obligations across consent, notification, access, security, retention, transfers, accountability, breaches, DNC checks, and data intermediaries. - [Singapore PDPA Scope, Exclusions, and Data Intermediaries](/artifacts/apac/singapore-pdpa/scope-exclusions-and-data-intermediaries.md): Classify Singapore PDPA coverage, business contact information, personal or domestic activity, employee acts, and data intermediary obligations with grounded implementation records. - [Singapore PDPA Transfer Assessment Workflow](/artifacts/apac/singapore-pdpa/transfer-assessment-workflow.md): A Singapore PDPA workflow for assessing overseas personal data transfers, comparable protection, ASEAN MCCs, APEC CBPR/PRP certifications, vendor due diligence, onward transfers, and evidence records. - [Singapore PDPA Transfer Clauses](/artifacts/apac/singapore-pdpa/transfer-clauses.md): Draft Singapore PDPA transfer clauses for overseas vendors, affiliates, data intermediaries, onward transfers, breach support, ASEAN MCCs, and APEC CBPR or PRP evidence. - [Singapore PDPA transfer clauses FAQ](/artifacts/apac/singapore-pdpa/faq/transfer-clauses.md): FAQ guidance on Singapore PDPA transfer clauses, comparable protection, ASEAN MCCs, APEC CBPR and PRP certifications, onward transfers, and evidence records. - [Singapore PDPA Vendor Outsourcing and Contracts](/artifacts/apac/singapore-pdpa/vendor-outsourcing-and-contracts.md): Contract and operating checklist for Singapore PDPA vendor outsourcing: data intermediary status, written terms, security, retention, breach, transfers, sub-contracting, and exit evidence. - [Singapore PDPA vs GDPR Comparison](/artifacts/apac/singapore-pdpa/singapore-pdpa-vs-gdpr.md): Compare Singapore PDPA and GDPR implementation work across consent, DPO accountability, processors, transfers, breach notification, DNC marketing, rights, retention, and penalties. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/apac/singapore-pdpa/dnc-marketing-workflow