Crypto Exchange

Driving a Culture of Data Privacy Towards Data Protection Trustmark (DPTM)

Personal information belongs to the consumer. It is a property that organisations need to handle with care. This makes privacy compliance a more difficult challenge to navigate. Organisations are required to figure out what is best for the consumer and the rights they might exercise under different privacy regulations.

In other words, organisations need to make a culture of privacy a priority. This need will not only require investing in data protection services a must, it also creates a deep change in the business policies, processes, and corporate privacy awareness of the organisation.

Aside from investing in data protection services, organisations need to also consider the data protection best practices and benchmarks from around the world. To help achieve said objectives, The Infocomm Media Development Authority (IMDA) launched the Data Protection Trustmark (DPTM).

The Lowdown on the Data Protection Trustmark (DPTM)

DPTM is considered one of the steps an organisation needs to take as proof of their data protection credentials. Below are three primary reasons why organisations should strive to attain the Data Protection Trustmark:

Business Opportunities

From the business point of view, the Data Protection Trustmark is mentioned in government contracts and tenders as a requirement to demonstrate compliance and accountability with Singapore’s Personal Data Protection Act (PDPA). This aligns with the country’s effort to build a trusted data hub and digital economy.

When bidding for business contracts or government tenders, organisations that use DPTM will stand out from the rest because it is proof of external due diligence done on the business operations. The DPTM certification is also considered a requirement when bidding, which affects the viability of the business significantly.

Since data protection laws continue to evolve and new ones are being implemented rapidly, it is also considered a consideration especially for organisations that are involved in cross-border transfers. China is the latest to announce their own Personal Data Protection Law which went live in November of 2021.

Accurate Review of the Data Protection Capability of the Organisation

The DPTM is also considered a great base to adopt for internal audit objectives. An external assessment body will be appointed to review the data protection practices of the organisation. This helps ensure the organisation can fulfil the DPTM requirements by showing evidence that its data protection processes and policies are properly documented, implemented, and practised.

Symbol of Trust

The Data Protection Trustmark is also seen as a good indicator and symbol of trust. It is recognisable among regulators in the event of investigations. It also shows corporate clients that you have done due diligence. It also shows consumers that the organisation is highly reliable.

In investigations carried out by regulators like the Personal Data Protection Commission (PDPC), the DPTM can help organisations demonstrate that it has validated their data protection management practices. This can also help facilitate the investigation and help empower the organisation to achieve the expedited route.

The expedited route can shorten the process from a full year to just a few months. For corporate clients the DPTM is considered the most recognised third-party certification. It is designed to validate the organisation’s data protection practices. For organisations who are service providers or third-party vendors, the DPTM will position you as a trusted vendor.

This can hasten the process as well. In fact, a PDPC survey done in 2018 indicated that at least 4 out of 5 organisations would prefer partnering with organisations that manage their personal data appropriately. In the same survey, they also found out that two in three customers are more willing to purchase from DPTM-certified organisations as they know they have implemented robust data protection practices to secure their personal data.