Lalamove Singapore (Easyvan SG Pte Ltd)
Founded in 2013, Lalamove is a leading on-demand logistics company operating across Asia, connecting users and drivers for fast and flexible delivery services. In Singapore, Lalamove aims to strengthen compliance and build trust among platform workers and customers by enhancing its Data Protection strategy.
The project challenge centred on navigating regulatory change within Singapore’s evolving data protection landscape.
- Rapidly Evolving Regulatory Landscape: Lalamove Singapore needed to assess and validate its Data Protection strategy against changing regulatory requirements to ensure continued compliance and organisational resilience.
To address this, the SMU-XL team conducted a structured gap analysis using the PDPC’s PATO tool, reviewed relevant enforcement cases, and benchmarked industry best practices to design a tailored Data Protection Management Programme (DPMP) for Lalamove.
The following key outcomes were delivered by the project:
- Governance Structure and DPO Roles: Creating a governance structure and defining DPO roles.
- Internal Policies and Breach Management: Drafting internal policies and breach management procedures.
- Access Request Playbook: Developing an Access Request Playbook.
- PATO Self-Assessment: Conducting PATO self-assessment and gap analysis.
- Continuous Improvement Roadmap: Designing a roadmap for continuous improvements.
The project delivered significant and multifaceted benefits:
- Strengthened Data Governance Foundations: Clearly defined roles, formalised governance structures, and documented policies now provide a robust framework for accountable data management across the organisation.
- Enhanced Incident and Request Management Readiness: The implementation of the Access Request Playbook and Breach Management Procedures enables timely, compliant, and structured responses to data subject requests and potential incidents.
- Improved Accountability and Role Clarity: Adoption of RACI matrices and ISO-aligned templates reduces ambiguity in decision-making, ensuring consistent execution and ownership of data protection responsibilities.
- Structured Pathway to Continuous Compliance: Leveraging the PDPC PATO self-assessment framework and a phased implementation roadmap positions the organisation for ongoing maturity uplift, regular audits, and measurable progress tracking.
- Strengthened Organisational Awareness and Capability: Recommended training initiatives, breach simulation exercises, and early stakeholder engagement foster a proactive privacy culture embedded across teams.
- Strategic Risk Mitigation and Trust Building: By addressing governance gaps, operationalising third-party risk oversight, and formalising breach protocols, the organisation enhances stakeholder confidence and reinforces its commitment to responsible data stewardship.
- Future-Ready Privacy Maturity: With plans to pursue Data Protection Trustmark certification and embed continuous improvement practices, the organisation is well-positioned to advance toward higher levels of regulatory alignment and long-term resilience.
I would like to compliment SMU-XL, the professors and practitioners for their support during the SMU XL experience. Specifically, Lyndon was helpful and addressed our concerns and questions about the SMU-XL project. We would recommend this programme to other companies looking to strengthen their Data Privacy strategy.
Yuvan s/o Mohan, Corporate Affairs Manager, Lalamove Singapore
