Every day, consumers give their personal data to organisations for a myriad of purposes; and they expect their personal data to be used in a responsible and secured manner.
So how can they tell one responsible organisation apart from the other that cannot demonstrate good personal data protection practices? IMDA Singapore has introduced the Data Protection Trustmark (DPTM) certification as a gold standard for organisations to demonstrate accountable data protection practices. Organisations which attain this certification
Increase their competitive advantage with customers
Deliver assurance to their business partners
Reduce risk by improving data governance standards
As a DPTM-certified company, there is no better partner than Straits Interactive to help you on your DPTM journey to obtaining the gold standard of personal data governance. Not only will you get access to the largest team of internationally certified data protection experts in the region, but you will also benefit from the proven training programme and management tools such as DPOinBOX adopted by hundreds of organisations.
Let your journey with Data Protection TrustMark begin with us!
How It Works
We will help you develop a roadmap towards certification based on the maturity of your organisation’s data protection practices and guide you through each step of the way.
Start Your DPTM Journey Today!
Become the shining example in your industry. Start the race to achieve this gold standard of personal data governance with us!
UP TO 90% FUNDING AVAILABLE!
What You Can Expect
Guidance towards achieving DPTM Certification.
Two-day In-house Hands-on Training: Advanced Data Protection Techniques: Data Protection by Design, DPIA & DPTM*.
Advisory Services to achieve operational compliance with the PDPA*.
Software to implement your Data Protection Management Programme (DPMP).
DPTM Assessor Service to assess conformance to DPTM requirements.
The final objective is DPTM certification for your organisation in the most efficient, and productive way, in the shortest possible time – assisted by our DPOinBOX Data Protection as-a-Service Platform.
* For our Singapore clients, this service is run jointly with Singapore Management University) where the Course and Service Implementation is funded under the SkillsFuture Series. Singapore Citizens or Singapore Permanent Residents are eligible for 70% course fee funding (excluding GST) for successful enrollment into approved courses under the Programme. This funding is applicable to both individual and company sponsored participants. SMEs as well as Singapore Citizens aged 40 and above will enjoy 90% course fee funding (excluding GST). Conditions apply.
Upskill through training modules included in the DPaaS that are eligible for funding in Singapore.
Sit down with specialised data protection lawyers during given legal hours
Build a DPMP on an integrated software tool instead of static spreadsheets.
Walkthrough a full data protection capability and competency roadmap supported by the DPEX Network.
Get trusted support from the largest team of CIPM Certified consultants.
Access resources on the DPEX Network covering the latest updates in data protection, best practices, training, research and support.
What is the Data Protection Trustmark (DPTM) Certification?The Data Protection Trustmark (DPTM) certification is a voluntary 3-year certification owned and issued by Singapore’s Infocomm Media Development Authority (IMDA). Attaining the certification enables organisations in Singapore to publicly demonstrate accountable data protection practices.
Is it an international certification like ISO?It is a local enterprise-wide certification. However, organisations that have undergone or obtained ISO/IEC 27001 or 27701 certification may find it easier to attain DPTM as they have shown good information security and privacy management procedures.
Who is the Data Protection Trustmark (DPTM) issued by?The certification process is owned and administered by the Info-communications Media Development Authority (IMDA). For more information, you can visit the Data Protection Trustmark Certification - Infocomm Media Development Authority within IMDA’s website.
What are the key assessment requirements of the Data Protection Trustmark (DPTM)?Organisations shall have written documentation on policies, processes and practices for data protection and must also demonstrate that their data protection policies, processes and practices are implemented and practised on the ground. These are based on a set of robust and comprehensive criteria, such as: Trained Data Protection Officer and staff to handle their stakeholders’ personal data; Reasonable collection, use and disclosure of data with consent obtained and purpose made known; Appropriate measures for protection, retention and disposal of data; Provision of withdrawal of consent, and access and correction of data; and Appropriate measures to take in the event of data breach.
What are the key objectives of the Data Protection Trustmark (DPTM)?For organisations to demonstrate sound and accountable data protection practices; to provide a competitive advantage for businesses that are certified; to boost consumer confidence in organisations’ management of personal data; and to enhance and promote consistency in data protection standards across all sectors. Organisations can use the DPTM to increase their competitive advantage and build trust with their customers and stakeholders.
How long does it take to get the Data Protection Trustmark (DPTM)?As this is an external assessment by an IMDA-appointed assessment body, the length is very dependent on the strength and currency of your organisation’s existing Data Protection Management Programme (DPMP) and size of the organisation. The entire assessment and certification process (end to end) can be anywhere between 9 months months to a year.
Who qualifies for the Data Protection Trustmark (DPTM)?The DPTM can be applied for by organisations that have established a data protection regime to comply with the PDPA's obligations. The organisation must either (1) be incorporated or recognised under Singapore laws, or (2) be based in Singapore or have an office or place of business there, but it cannot be a public agency (as defined in the Personal Data Protection Act 2012).
What is the period of validity for the Data Protection Trustmark (DPTM) Certificate?The certificate will be valid for 3 years. Should organisations wish to undergo re-certification, it would need to re-apply at least 6 months from the date of expiry of the certification.
Is the Data Protection Trustmark (DPTM) recognised overseas?The DPTM is a local certification scheme recognised in Singapore. A mutual recognition of similar certifications may be explored by the PDPC, depending on regional developments.
Is this a data privacy certification for companies?Yes, it is recognised as an enterprise-wide data privacy certification that demonstrates compliance with the Personal Data Protection Act (PDPA).
If my organisation is a DPTM-certified organisation, will it absolve my company from regulatory financial penalties for breaches of the PDPA?No, being DPTM-certified does not mean your organisation is immune from data breaches or contraventions of the law. Being DPTM-certified simply means that your organisation has robust data protection practices and will count as a mitigating factor in the event of an investigation by the PDPC for a data breach or contravention of the PDPA.