What’s the Difference Between DPTM and the Credence Data Trust Rating System (CDTR)?

The Data Protection Trustmark (DPTM) is an organisational certification administered by IMDA (Infocomm Media Development Authority). One of the primary aims of the Data Protection Trustmark (DPTM) is to improve the data protection competencies of organisations based in Singapore.

The Data Protection Trustmark (DPTM) will also demonstrate that an organisation has sound data practices in place. That said, the Data Protection Trustmark (DPTM) is also a highly recognised means of demonstrating an organisation’s sound data protection practices. 

DPTM is also considered a part of a roadmap that organisations can achieve systematically. The Data Protection Trustmark has four phases: governance, baseline, implementation, and certification.

01: Governance

A data protection (DP) office will be led by a Data Protection Officer (DPO). The team should be competent and trained when providing advice on matters related to personal data and the Personal Data Protection Act (PDPA).

02: Baseline

Organisations need to ensure that their practices are reflected in the documented procedures and policies. This can be achieved by mapping the relevant data flows and inventories  within the organisation. Organisation should also adopt an approach that is risk-based when establishing their Data Protection Management Programmed (DPMP).

03: Implementation

Organisations need to ensure that all employees embody, understand, and acknowledge the spirit of its PDPA posture. It is also important for the organisation to be ready to demonstrate that their DPM is run consistently and with robust support from the management.

04: Certification

Once the organisation is ready with the phases that were implemented previously, it can pursue the 6-step DPTM certification process:

01: Applying and registering for Data Protection Trustmark (via IMDA’s website)

02: Completing the self-assessment form

03: Appointing the assessment body

04: Conducting a desktop assessment

05: Conducting a site audit

06: Remediating based on the feedback of the assessment

Once the 6-step process has been completed, the organisation will be awarded the DPTM certification.

To successfully attain DPTM, it is recommended that organisations work with data protection service providers that:

  • Have done the process and have attained DPTM
  • Have provided professional services rendered by Fellow of Information Privacy
  • Have testimonials from clients

Credence Data Trust Rating System

The Credence Data Trust Rating System (also referred to as the Credence DTRS) is a data trust rating system. It was developed through a consortium of robust partnerships in the industry that spans across the whole value chain of a certification journey, across multiple disciplines, and across different geographies.

Companies that obtain Credence DTRS certifications can demonstrate to customers their accountability when it comes to handling personal data. It also assures regulators of the organisation’s compliance to the legislation. To their investors, it demonstrates their ability to meet best practices.

The Credence Data Trust Rating System Framework

Primary Data Trust Stakeholders for Enterprises

01: Regulators

02: Customers

03: Data Partners

04: Investors

Factors of Data Trust Stakeholders are Concerned About

01: Compliance to the law

02: Accountability of companies in putting the right processes and resources to act as guarantors of data that is entrusted to them by their partners and customers

03: Communications with customers, this includes external communications with data partners

04: Facilitating the rights of customers over data

05: Providing data security

Focus Areas to Comply with to Meet the Five Factors of Trust

01: Corporate governance

02: Data governance

03: Technology of data

Business Value Propositions to Obtain Credence Data Trust Ratings

01: Regulatory compliance

02: Consumer trust gaining business transactions

03: Internal operational efficiency

04: Greater data sharing

05: Assurance to both management and investors