The Data Protection Trustmark (DPTM) is an organisational certification administered by IMDA (Infocomm Media Development Authority). One of the primary aims of the DPTM is to improve the data protection competencies of organisations based in Singapore.
The DPTM also demonstrates that an organisation has sound data protection practices in place, and it is a highly recognised means of doing so.
The DPTM is also considered part of a roadmap that organisations can work through systematically. The Data Protection Trustmark has four phases: governance, baseline, implementation, and certification.
01: Governance
A data protection (DP) office will be led by a Data Protection Officer (DPO). The team should be trained and competent to advise on matters related to personal data and the Personal Data Protection Act (PDPA).
02: Baseline
Organisations need to ensure that their practices are reflected in their documented procedures and policies. This can be achieved by mapping the relevant data flows and inventories within the organisation. Organisations should also adopt a risk-based approach when establishing their Data Protection Management Programme (DPMP).
03: Implementation
Organisations need to ensure that all employees embody, understand, and acknowledge the spirit of their PDPA posture. Organisations should also be ready to demonstrate that their DPM is run consistently and with robust support from management.
04: Certification
Once the organisation has the previous phases in place, it can pursue the 6-step DPTM certification process:
01: Applying and registering for Data Protection Trustmark (via IMDA’s website)
02: Completing the self-assessment form
03: Appointing the assessment body
04: Conducting a desktop assessment
05: Conducting a site audit
06: Remediating based on the feedback of the assessment
Once the 6-step process has been completed, the organisation will be awarded the DPTM certification.
To successfully attain DPTM, it is recommended that organisations work with data protection service providers that:
- Have gone through the process and attained DPTM themselves
- Provide professional services rendered by a Fellow of Information Privacy
- Have testimonials from clients
Credence Data Trust Rating System
The Credence Data Trust Rating System (also referred to as the Credence DTRS) is a data trust rating system. It was developed through a consortium of robust industry partnerships that span the whole value chain of a certification journey, multiple disciplines, and different geographies.
Companies that obtain Credence DTRS certifications can demonstrate to customers their accountability when it comes to handling personal data. Certification also assures regulators of the organisation’s compliance with the legislation. To investors, it demonstrates the organisation’s ability to meet best practices.
The Credence Data Trust Rating System Framework
Primary Data Trust Stakeholders for Enterprises
01: Regulators
02: Customers
03: Data Partners
04: Investors
Factors of Data Trust Stakeholders Are Concerned About
01: Compliance with the law
02: Accountability of companies in putting the right processes and resources in place to act as guarantors of data that is entrusted to them by their partners and customers
03: Communications with customers, including external communications with data partners
04: Facilitating the rights of customers over data
05: Providing data security
Focus Areas to Comply with to Meet the Five Factors of Trust
01: Corporate governance
02: Data governance
03: Technology of data
Business Value Propositions to Obtain Credence Data Trust Ratings
01: Regulatory compliance
02: Consumer trust gaining business transactions
03: Internal operational efficiency
04: Greater data sharing
05: Assurance to both management and investors