Complete Guide to Singapore's Do Not Call (DNC) Registry for Businesses
Everything Singapore businesses need to know about the DNC Registry. Registration, checking obligations, penalties, exemptions, and compliance best practices.
Complete Guide to Singapore's Do Not Call (DNC) Registry for Businesses
A property agent I know sent 2,000 promotional SMS messages about a new launch. He did not check the DNC Registry first. Within a week, he had three complaints filed with the PDPC. The fines for DNC violations run up to S$1 million, and the PDPC publishes every enforcement decision with the offender's name.
All of it was avoidable with a five-minute check on a government portal.
TL;DR: Everything Singapore businesses need to know about the DNC Registry. Registration, checking obligations, penalties, exemptions, and compliance best practices.
The DNC Registry is one of the most frequently breached parts of Singapore's data protection framework. Many businesses — especially smaller ones — either do not know the requirement exists or assume it only applies to large marketing operations. It applies to everyone, and the PDPC enforces it actively.
What Is the DNC Registry?
A national database maintained by the PDPC under Part IX of the PDPA. Singapore residents can register their phone numbers to opt out of unsolicited marketing.
Three separate registers:
- No Voice Call Register
- No Text Message Register
- No Fax Message Register
Individuals can register on one, two, or all three. You must check the relevant register before sending each type of marketing message.
Who Must Comply
Every organisation sending marketing to Singapore phone numbers: companies, freelancers, non-profits, even overseas companies targeting Singapore numbers. No exemption based on size, revenue, or message volume. Even a single unsolicited message to a registered number is a breach.
What Counts as a "Marketing Message"
Messages whose primary purpose is to offer, advertise, or promote goods, services, or business opportunities. This includes promotional SMS, cold calls, fax ads, appointment reminders that include promotional offers, and loyalty messages promoting new products.
Not marketing: Order confirmations, delivery updates, payment receipts, service notifications without promotional content, legally required messages, responses to enquiries, and government communications.
Watch out: Messages mixing transactional and promotional content. If your appointment reminder includes "enjoy 20% off your next visit," the entire message may be classified as marketing.
How to Check the DNC Registry
- Register at dnc.pdpc.gov.sg using CorpPass
- Prepare your number list in standard Singapore 8-digit format
- Submit the check — the system flags which numbers are registered
- Remove all registered numbers (unless you have documented consent to override)
- Document the date, numbers checked, results, and which register you checked
Timing: Checks must be performed within 30 days before sending. Stale checks do not count. Best practice: check immediately before each campaign.
Cost: Up to 20 checks free via web interface. Bulk API checks at volume-based pricing. Free is sufficient for most SMEs.
The Consent Override
You can send to registered numbers only with clear and unambiguous consent that is:
- Specific to marketing messages (not just general data collection consent)
- Active — silence, pre-ticked boxes, or inaction do not count
- Documented with records of when, how, and what was consented to
- Current — withdrawable at any time
Valid: Customer signs a form saying "I agree to receive promotional SMS from [Company] about our products and services."
Invalid: Page 12 of your Terms of Service includes "you consent to marketing communications." That is not clear and unambiguous.
Exemptions
B2B marketing to business numbers (not personal numbers) for relevant purposes is narrowly exempt, but the PDPC interprets this strictly. When in doubt, check.
Existing relationship may provide a basis for deemed consent, but does not automatically override a DNC registration. Always get explicit consent at onboarding.
Government and public interest messages are exempt.
Penalties
- Organisations: up to S$1 million per breach
- Individuals: up to S$10,000 per message
The PDPC has published numerous enforcement decisions for DNC violations — real estate agents, insurance companies, retailers, and marketing agencies sending messages without checking. Both the commissioning organisation and any third-party agency sending on their behalf can be liable.
Best Practices
Build consent into customer onboarding. Separate, unticked checkboxes specifying channels (SMS, voice, fax). Timestamped consent records.
Check before every campaign. Numbers are added and removed regularly. Never rely on a previous check.
Maintain an internal suppression list of people who withdrew consent, requested opt-out, or complained.
Include opt-out in every message. "Reply STOP to unsubscribe."
Train your team. Everyone involved in marketing — including interns — needs to understand DNC requirements.
Audit quarterly. Are checks being performed? Records maintained? Opt-outs processed? Vendor compliance verified?
DNC as Part of Overall PDPA Compliance
The DNC Registry is one component of the PDPA. Your overall compliance framework should address all 10 obligations, including appointing a DPO, maintaining a privacy policy, and having a breach response plan.
Businesses that fail on DNC often have gaps elsewhere. A comprehensive assessment catches everything at once.
Check your full PDPA compliance status, including DNC readiness. ComplyHQ's AI-powered gap assessment evaluates your practices against every obligation. Start a free assessment
Government Resources
Related Articles
- PDPA Compliance Checklist for Singapore SMEs (2026 Edition)
- Understanding Consent Under PDPA
- PDPA Penalties and Fines: What You Risk for Non-Compliance
- 10 PDPA Obligations Every Singapore Business Must Follow
Sources
- PDPC — Personal Data Protection Commission
- Personal Data Protection Act 2012
- CSA — Cyber Security Agency of Singapore
Looking for more? Check out Adaptels.
Simplify Your Compliance
ComplyHQ's AI can assess your PDPA compliance gaps in under 15 minutes and generate the policies you need.
Try Free AssessmentFrequently Asked Questions
Do I need to check the DNC Registry before sending marketing messages?
What are the penalties for breaching the DNC rules?
Does the DNC Registry apply to email marketing?
How often should I check the DNC Registry?
Can I still send marketing messages to numbers on the DNC Registry?
Ready to get PDPA compliant?
Stop guessing about compliance. ComplyHQ uses AI to assess your gaps, generate policies, and guide you through every PDPA obligation.