Data Protection Trustmark Certification
As part of advancing the digital economy strategy to allow Singapore to stand out as a trusted data hub with a well-developed data ecosystem that supports competition and innovation as well as the cross-border flow of data, the PDPC has developed the Data Protection Trustmark (DPTM) Certification to help organisations verify their conformance to personal data protection standards and best practices.
The key objectives of the certification are:
for organisations to demonstrate sound and accountable data protection practices;
to enhance and promote consistency in data protection standards across all sectors;
to provide a competitive advantage for businesses that are certified; and
to boost consumer confidence in organisations’ management of personal data.
The benefits to being DPTM-certified:
Provides Assurance to Your Organisation: Third-party certification helps to provide validation of your organisation’s data protection regime. The certification will increase your data governance and protection standards, uncover potential weaknesses and enable your organisation to take steps to mitigate risks.
Increases Business Competitiveness: Obtaining DPTM certification demonstrates to your customers that you have robust data protection policies and practices in place to safeguard their personal data. This will help strengthen your reputation, build trust and foster confidence in your business, raising your business competitiveness both locally and overseas.
The DPTM certification is valid for 3 years and organisations will need to apply for re-certification prior to its expiry.
The certification will be officially rolled out by the end of 2018, after IMDA and PDPC finalise its process and framework following the pilot programme. Entities certified under the DPTM scheme will be able to use and display a DPTM logo in their business communications during the three-year validity of the certificate. They will first have to apply to IMDA for the certification, after which they can select one of three independent bodies to conduct an assessment.
The assessment bodies are ISOCert, Setsco Services and TUV SUD PSB. Assessment fees, which will be paid to these bodies, start from $1,400.
In a joint statement, IMDA and PDPC said the DPTM would give entities a competitive advantage as it would allow consumers to identify organisations that have in place independently assessed data protection policies and practices.
The DPTM, which applies only to organisations based in Singapore, also incorporates relevant international data protection principles such as the Asia-Pacific Economic Cooperation (Apec) Privacy Framework.
This will allow organisations with the DPTM certification to more seamlessly attain international certification and gives them another mechanism to legitimately transfer data across borders to other certified organisations in participating Asia-Pacific economies, said IMDA and PDPC.
Speaking at the 6th Personal Data Protection Seminar on Wednesday at the Raffles City Convention Centre, Minister for Communications and Information S. Iswaran said that when it comes to data protection, Singapore cannot rely on laws such as the Personal Data Protection Act alone. Organisations, he added, must develop a culture of accountability to build consumer trust.
Said Mr Iswaran, who is also Minister-in-charge of Cyber Security: "While the Government will do its part to facilitate innovative and accountable data use, we strongly encourage organisations to put in place measures to do the same."
Eight companies are already undergoing the pilot programme, including Singtel, DBS Bank, RedMart and Fullerton Healthcare Group. Commenting on last week's SingHealth data breach, which was Singapore's worst cyber attack, Mr Iswaran reiterated in his speech on Wednesday that the PDPC will take into account the Committee of Inquiry's report in its assessment of any appropriate action to be taken. He also said Singapore will not stop with its Smart Nation efforts. "We have started our Smart Nation journey, and we will continue to move forward to seize opportunities afforded by technology even as we strengthen our systems, so as to build and sustain trust that we have painstakingly built up over the years," he said.
Organisations that want to participate in the pilot can sign up by Sept 30.
News courtesy: IMDA & The Straits Times