What You Need to Know About Data Protection Trustmark Certification

For organisations in Singapore that want to demonstrate accountability in their data protection practices, there is one certification they should obtain – the Data Protection Trustmark (DPTM) certification. The DPTM certification also establishes a solid data governance standard so businesses can increase their competitive advantage and build customer trust.

The Data Protection Trustmark certification will also serve as a clear indicator that the organisation adopts sound data protection practices. The DPTM Certification framework was developed based on aligning and adapting it with Singapore’s Personal Data Protection Act (PDPA). It also incorporates elements of international best practices and benchmarks.

DPTM Objectives

The Info-comm Media Development Authority of Singapore (IMDA) launched the DPTM with the following objectives in mind:

To help organisations demonstrate accountable and sound data protection practices.
To promote and enhance consistency in data protection standards across various sectors.
To provide certified businesses with a competitive advantage.
To boost confidence of consumers in the management of personal data by the organisations.

For Data Protection Officers (DPOs), there are three primary reasons why organisations should pursue a DPTM certification:

To set a standard and prepare for a regional compliance programme.
To function as competitive advantage in tender considerations.
To aim for a high level of data protection excellence as a trusted organisation.

How a DPTM Certification Can Benefit Businesses

A DPTM certification can benefit businesses in several ways. Below are two of the most notable:

Increase business competitiveness

Obtaining a DPTM certification will show customers that an organisation/business has robust data protection practices and policies in place so their personal data are protected.

A DPTM certification can also help strengthen the organisation’s reputation, build trust, and foster confidence in the business. It also improves business competitiveness both locally and overseas.

Provides assurance to the organisation

Third-party certifications like the DPTM certification can help provide a validation of your data protection regime. The certification will also increase data protection and governance standards and uncover potential weaknesses so the organisation can take the necessary steps to mitigate the risks.

How to Get Started

If your organisation has already put in place practices and policies that comply with the PDPA, you are ready to take the first step and become DPTM certified.

Start your DPTM certification journey by applying online at www.imda.gov.sg/dptm. You then pay the application fee.
IMDA will inform you if your application has been accepted or rejected. If accepted, you will receive a Self-Assessment Form from IMDA. You can refer to the IMDA website for the contact details of the DPTM panel of Assessment Bodies. You can pick one Assessment Body to carry out the assessment of your organisation’s data protection practices and policies.
The assessment stages are the following:

Review of the documentation
On-site assessment
Remediation (if needed)
Completion of the assessment
Assessment report to be submitted by the Assessment Body to the IMDA

The IMDA will award the DPTM certification to eligible organisations. The certification will be valid for 3 years. Organisations should apply for the re-certification at least 6 months from the date of the expiry of the certification.

If the organisation is new to Data Protection and has yet to establish a baseline in relation to the Personal Data Protection Act (PDPA), they can get in touch with the Data Protection Service Providers for assistance so they can prepare for DPTM readiness.

The Assessment Body (AB) will also act as an independent body to assess the data protection practices of the organisation and check if it conforms with the DPTM requirements.