The Data Protection Trustmark Certification is part of advancing Singapore’s digital economy as a trusted hub, Infocomm Media Development Authority (IMDA) has launched the DPTM certification to help organizations demonstrate accountable and responsible data protection practices.
The DPTM (Data Protection Trustmarks Certification) will strengthen your reputation, build trust and foster confidence for your business.
We believe in the near future, only DPTM Certified Companies will be allowed to do business with the Singapore Government. Eg. Gebiz.
The first step to be a DPTM Certified Company is to carry out an initial assessment on the Company’s operations based on the DPTM (Data Protection Trustmarks) criteria.
First draft of the Data Inventory Map (DIM) will analyse the data involved and data flow of the business processes.
In order to prepare the Company for DPTM (Data Protection Trustmarks) compliance, Privacy Ninja will conduct a one day session of DPTM Awareness Training for the Company’s employees.
The training will cover the DPTM (Data Protection Trustmarks) criteria and obligations of the PDPA.
Conduct Vulnerability Assessment Penetration Testing (VAPT) and Data Protection Impact Assessment (DPIA), to determine the Company’s data breach management plan and address any data protection risks identified.
Design and develop the documentation for the Data Protection Management Programme
Conduct implementation training on the documented Data Protection Management Programme.
Prepare the Company for the full implementation of the documented DPMP.
Personnel with the responsibility to establish and implement the system will be given appropriate briefings.
Assist the Company in conducting the first Internal Audit to monitor and evaluate the overall implementation.
The Internal Audit will verify the compliance of the actual practices to the documented DPMP.
There is no specific business or industry sector that must apply for the DPTM certification. However, all companies are highly encouraged to do so, to demonstrate Data Protection accountability to stakeholders and increase competitive edge. DPTM Certified Companies would definitely have an edge over the other companies when bidding for government contracts.
Yes! Singapore companies can apply up to 80% funding support under the Enterprise Development Grant (EDG) offered by Enterprise Singapore (ESG), under standards adoption section to become a DPTM Certified Company.
IMDA has also waived the application fee for SMEs and NPOs till December 31, 2020.
In our experience, companies that have existing data protection culture at the workplace typically undergo a seamless transformation to be DPTM (Data Protection Trustmarks) certified company. If you know that your organization is lacking in many areas, the process will not be harder, just longer. This exercise will in fact enable your organization to become PDPA compliant when you attain the DPTM (Data Protection Trustmarks) certification.
The total duration depends on a few factors. If a company is applying for funding support under EDG, the consultancy project cannot commence until a Letter of Offer is presented by ESG, this wait time is typically 4 to 8 weeks. The project duration itself varies across every company, depending on what is already implemented and remediating what is lacking. Companies should expect about six months thereabout to become a DPTM Certified Company.
Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!