top of page
DpaaS Main Page (Blur).jpg

What is
 Data Protection as-a-Service? 

An integrated bundle of Data Protection Services that enable your organisation to train your DPO and setup Data Protection Management and Data Breach Management Programmes while we provide outsourced advisory support towards operational compliance with data protection requirements,
(with option towards Data Protection Trustmark certification and more)
 Data Protection Training
Data Protection Training
Data Protection Management
Data Protection Management
Privacy Management Software
DPOinBOX Privacy Management Software
Data Breach Management
Data Breach Management
data protection Legal Guidance
Legal Guidance
data protection Advisory
Advisory Support

Data Protection as-a-Service Offerings

Click on the icons to go to the respective product page for each DPaaS offering
Premium Inhouse.png
DPaaS brochure_edited.jpg
Terms & Conditions apply
*Applicable to Singapore only
**Insurance brokered by Associated Insurance Broker (AIB). Applicable to Singapore and Malaysia only
Premium Support.png
Serves as a Support programme on top of the other DPaaS initiatives that provides outsourced advisory support for your DPO from a certified advisor for 12 monthsIncludes audit and review of data protection policies as well as choice of data protection training.
 Additional Service Options*: 
  1. Training Planning Management Briefings and Training Planning Staff Briefings and Trainings
  2. Legal Advisory Support hours
  3. Certified Advisory Support hours, Internal PDPA Compliance Audit Policies and SOPs updates and review
  4. In-house Implementation Projects
  5. Additional DPOInBOX Subscriptions
  6. Additional eLearning Subscriptions
*Only Available for Premium Support, Premium In-house and Trustmark as-a-Journey

Why choose 
Data Protection as-a-Service 
from Straits Interactive?


Why Us?


Our Data Protection as-a-Service includes training modules that are eligible for funding
(only for Singapore).
Contact us to learn more.


Legal hours from specialised data protection lawyers.


An integrated software tool for DPMP (vs spreadsheets used by competitors).


Full data protection capability and competency roadmap supported by the DPEX Network Community.


Support from the largest team of Certified Consultants.
All of them are CIPM Certified.


Free resources supported by the DPEX Network for access to the latest updates on data protection best practices, training, research and support.
5 key reasons_Roadmap.png
5 key reasons_Software.png
5 key reasons_Legal Hours.png
5 key reasons_support.png
  • What is the Data Protection Trustmark (DPTM) Certification?
    The Data Protection Trustmark (DPTM) certification is a voluntary 3-year certification owned and issued by Singapore’s Infocomm Media Development Authority (IMDA). Attaining the certification enables organisations in Singapore to publicly demonstrate accountable data protection practices.
  • Is it an international certification like ISO?
    It is a local enterprise-wide certification. However, organisations that have undergone or obtained ISO/IEC 27001 or 27701 certification may find it easier to attain DPTM as they have shown good information security and privacy management procedures.
  • Who is the Data Protection Trustmark (DPTM) issued by?
    The certification process is owned and administered by the Info-communications Media Development Authority (IMDA). For more information, you can visit the Data Protection Trustmark Certification - Infocomm Media Development Authority within IMDA’s website.
  • What are the key assessment requirements of the Data Protection Trustmark (DPTM)?
    Organisations shall have written documentation on policies, processes and practices for data protection and must also demonstrate that their data protection policies, processes and practices are implemented and practised on the ground. These are based on a set of robust and comprehensive criteria, such as: Trained Data Protection Officer and staff to handle their stakeholders’ personal data; Reasonable collection, use and disclosure of data with consent obtained and purpose made known; Appropriate measures for protection, retention and disposal of data; Provision of withdrawal of consent, and access and correction of data; and Appropriate measures to take in the event of data breach.
  • What are the key objectives of the Data Protection Trustmark (DPTM)?
    For organisations to demonstrate sound and accountable data protection practices; to provide a competitive advantage for businesses that are certified; to boost consumer confidence in organisations’ management of personal data; and to enhance and promote consistency in data protection standards across all sectors. Organisations can use the DPTM to increase their competitive advantage and build trust with their customers and stakeholders.
  • How long does it take to get the Data Protection Trustmark (DPTM)?
    As this is an external assessment by an IMDA-appointed assessment body, the length is very dependent on the strength and currency of your organisation’s existing Data Protection Management Programme (DPMP) and size of the organisation. The entire assessment and certification process (end to end) can be anywhere between 9 months months to a year.
  • Who qualifies for the Data Protection Trustmark (DPTM)?
    The DPTM can be applied for by organisations that have established a data protection regime to comply with the PDPA's obligations. The organisation must either (1) be incorporated or recognised under Singapore laws, or (2) be based in Singapore or have an office or place of business there, but it cannot be a public agency (as defined in the Personal Data Protection Act 2012).
  • What is the period of validity for the Data Protection Trustmark (DPTM) Certificate?
    The certificate will be valid for 3 years. Should organisations wish to undergo re-certification, it would need to re-apply at least 6 months from the date of expiry of the certification.
  • Is the Data Protection Trustmark (DPTM) recognised overseas?
    The DPTM is a local certification scheme recognised in Singapore. A mutual recognition of similar certifications may be explored by the PDPC, depending on regional developments.
  • Is this a data privacy certification for companies?
    Yes, it is recognised as an enterprise-wide data privacy certification that demonstrates compliance with the Personal Data Protection Act (PDPA).
  • If my organisation is a DPTM-certified organisation, will it absolve my company from regulatory financial penalties for breaches of the PDPA?
    No, being DPTM-certified does not mean your organisation is immune from data breaches or contraventions of the law. Being DPTM-certified simply means that your organisation has robust data protection practices and will count as a mitigating factor in the event of an investigation by the PDPC for a data breach or contravention of the PDPA.
bottom of page