The Info-comm Media Development Authority (IMDA) of Singapore launched the Data Protection Trustmark Certification or DPTM to boost the standard of the data protection practices within organisations in the country. Organisations that want to highlight their commitment to data protection should get the DPTM certification.
Organisations that want to enhance their current data protection policies and protection practices can apply for Data Protection Trustmark Certification. Getting the DPTM certification will also serve as a clear testament of an organisation’s reliable data protection practices.
The DPTM was rolled out with the following objectives in mind:
- For organisations to showcase accountable and sound data protection practices.
- To improve and promote consistency in the data protection standards across various sectors.
- To provide businesses with a competitive advantage.
- To boost the confidence of consumers in the organisation’s management of personal data.
For most Data Protection Officers (DPOs), there are three primary reasons for an organisation to pursue DPTM:
- To set the right standard in preparation for a regional compliance programme.
- To function as competitive advantage in tender considerations.
- To achieve a high level of data protection excellence as a trusted organisation.
Ideal DPTM Applicants
Any interested organisation that’s recognised or formed under the laws of Singapore can apply for DPTM certification. In addition, a Singapore resident with an office of business in Singapore can also apply. Organisations that have breached the PDPA or are undergoing investigations by the PDPC are also welcome.
Organisations that have breached the PDPA or are undergoing investigations are allowed to apply given that they comply with certain conditions like making an official declaration of all the investigations and breaches within the last 2 years before the data of their DPTM application.
What It Takes to Achieve DPTM
The DPTM self-assessment is based on the following key principles:
- Governance and Transparency
- Management of Personal Data
- Care of Personal Data
- Individuals’ Rights
If an organisation is new to data protection and has yet to establish a baseline in relation to the Personal Data Protection Act (PDPA), they can contact the PDPC’s list of Data Protection Service Providers for assistance with their DPTM readiness.
The final assessment will be carried out by the appointed Assessment Body (AB). The Assessment Body will also function as an independent body that will assess the organisation’s data protection practices to see if it conforms with the DPTM requirements.
Many companies often hesitate to get the DPTM certification as they are worried that if a breach occurs during the post-certification period, their efforts will be nullified. Fortunately, there is no truth to this. The PDPC will actually see the DPTM certification as a mitigating factor.
A public course called Advanced Data Protection Techniques: Data Protection by Design, DPIA and DPTM is also offered so participants can learn the key principles and implementation for Data Protection by Design in various scenarios including Data Protection Trustmark principles and considerations.
The course is also geared towards DPTM readiness and is available for those who would like to sign up. This is extremely favorable for Singaporean citizens as they have solid support to work towards DPTM. Companies in Singapore need to also act fast to leverage on this initiative and build a competitive edge.