Do you have the trust of your customers?

Data Protection Trustmark DPTM

Trustmark-Journey-as-a-Service for your Data Protection Trustmark needs

Every day, consumers give their personal data to organisations for a myriad of purposes; and they expect their personal data to be used in a responsible and secured manner. 

So how can they tell one responsible organisation apart from the other that cannot demonstrate good personal data protection practices? IMDA Singapore has introduced the Data Protection Trustmark (DPTM) certification as a gold standard for organisations to demonstrate accountable data protection practices. Organisations which attain this certification 

  • Increase their competitive advantage with customers

  • Deliver assurance to their business partners

  • Reduce risk by improving data governance standards


As a DPTM-certified company, there is no better partner than Straits Interactive to help you on your DPTM journey to obtaining the gold standard of personal data governance. Not only will you get access to the largest team of internationally certified data protection experts in the region, but you will also benefit from the proven training programme and management tools such as DPOinBOX  adopted by hundreds of organisations. 


Let your journey with Data Protection TrustMark begin with us!  

How It Works

We will help you develop a roadmap towards certification based on the maturity of your organisation’s data protection practices and guide you through each step of the way.




Data Protection Trustmark DPTM process

Get Started Today!

DPTM certification process

Become the shining example in your industry. Start the race to achieve this gold standard of personal data governance with us!


DPTM Advisory & Service Implementation

  1. Guidance towards achieving DPTM Certification.

  2. Two-day In-house Hands-on Training: Advanced Data Protection Techniques: Data Protection by Design, DPIA & DPTM*.

  3. Advisory Services to achieve operational compliance with the PDPA*.

  4. Software to implement your Data Protection Management Programme (DPMP). 

  5. DPTM Assessor Service to assess conformance to DPTM requirements.

The final objective is DPTM certification for your organisation in the most efficient, and productive way, in the shortest possible time – assisted by our DPOinBOX Data Protection-as-a-Service Platform.


* For our Singapore clients, this service is run jointly with Singapore Management University) where the Course and Service Implementation is funded under the SkillsFuture Series.  Singapore Citizens or Singapore Permanent Residents are eligible for 70% course fee funding (excluding GST) for successful enrollment into approved courses under the Programme. This funding is applicable to both individual and company sponsored participants. SMEs as well as Singapore Citizens aged 40 and above will enjoy 90% course fee funding (excluding GST). Conditions apply.


Why Us?


Our Data Protection as-a-Service includes Training modules which are up to 90% government-funded (only for Singapore).
Terms and Conditions will apply.


Legal hours from specialised data protection lawyers


An integrated software tool for DPMP (vs spreadsheets used by competitors)


Full data protection capability and competency roadmap supported by the DPEX Network Community


Support from the largest team of Certified Consultants. All of them are CIPM Certified


Free resources supported by the DPEX Network for access to the latest updates on data protection best practices, training, research and support.
5 key reasons_support.png
5 key reasons_Legal Hours.png
5 key reasons_Software.png
DPEX_logo_high-res (1).png
5 key reasons_Roadmap.png
5 key reasons_90_.png

Data Protection-as-a-Service Offerings

Click on the icons to go to the respective product page for each DPaaS offering
Premium Inhouse.png
Click here for more info
Terms & Conditions apply
*Applicable to Singapore only
**Insured by Delta Insurance, brokered by Associated Insurance Broker (AIB). Applicable to Singapore and Malaysia only

Frequently asked questions

What is the Data Protection Trustmark (DPTM) Certification?

The Data Protection Trustmark (DPTM) certification is a voluntary 3-year certification owned and issued by Singapore’s Infocomm Media Development Authority (IMDA). Attaining the certification enables organisations in Singapore to publicly demonstrate accountable data protection practices.

Is it an international certification like ISO?

It is a local enterprise-wide certification. However, organisations that have undergone or obtained ISO/IEC 27001 or 27701 certification may find it easier to attain DPTM as they have shown good information security and privacy management procedures.

Who is the Data Protection Trustmark (DPTM) issued by?

The certification process is owned and administered by the Info-communications Media Development Authority (IMDA). For more information, you can visit the Data Protection Trustmark Certification - Infocomm Media Development Authority within IMDA’s website.

What are the key assessment requirements of the Data Protection Trustmark (DPTM)?

Organisations shall have written documentation on policies, processes and practices for data protection and must also demonstrate that their data protection policies, processes and practices are implemented and practised on the ground. These are based on a set of robust and comprehensive criteria, such as:

  • Trained Data Protection Officer and staff to handle their stakeholders’ personal data;
  • Reasonable collection, use and disclosure of data with consent obtained and purpose made known;
  • Appropriate measures for protection, retention and disposal of data;
  • Provision of withdrawal of consent, and access and correction of data; and
  • Appropriate measures to take in the event of data breach.

What are the key objectives of the Data Protection Trustmark (DPTM)?

For organisations to demonstrate sound and accountable data protection practices;

  • to provide a competitive advantage for businesses that are certified;
  • to boost consumer confidence in organisations’ management of personal data; and
  • to enhance and promote consistency in data protection standards across all sectors.

Organisations can use the DPTM to increase their competitive advantage and build trust with their customers and stakeholders.

How long does it take to get the Data Protection Trustmark (DPTM)?

As this is an external assessment by an IMDA-appointed assessment body, the length is very dependent on the strength and currency of your organisation’s existing Data Protection Management Programme (DPMP) and size of the organisation. The entire assessment and certification process (end to end) can be anywhere between 9 months months to a year.

Who qualifies for the Data Protection Trustmark (DPTM)?

The DPTM can be applied for by organisations that have established a data protection regime to comply with the PDPA's obligations. The organisation must either (1) be incorporated or recognized under Singapore laws, or (2) be based in Singapore or have an office or place of business there, but it cannot be a public agency (as defined in the Personal Data Protection Act 2012).

What is the period of validity for the Data Protection Trustmark (DPTM) Certificate?

The certificate will be valid for 3 years. Should organisations wish to undergo re-certification, it would need to re-apply at least 6 months from the date of expiry of the certification.

Is the Data Protection Trustmark (DPTM) recognised overseas?

The DPTM is a local certification scheme recognised in Singapore. A mutual recognition of similar certifications may be explored by the PDPC, depending on regional developments.

Is this a data privacy certification for companies?

Yes, it is recognised as an enterprise-wide data privacy certification that demonstrates compliance with the Personal Data Protection Act (PDPA).

If my organisation is a DPTM-certified organisation, will it absolve my company from regulatory financial penalties for breaches of the PDPA?

No, being DPTM-certified does not mean your organisation is immune from data breaches or contraventions of the law. Being DPTM-certified simply means that your organisation has robust data protection practices and will count as a mitigating factor in the event of an investigation by the PDPC for a data breach or contravention of the PDPA.