Privacy Ninja

Data Protection Trustmark - Demonstrating Accountability & Responsibility

Data Protection Trustmark Readiness Consultancy

The Data Protection Trustmark Certification is part of advancing Singapore’s digital economy as a trusted hub, Infocomm Media Development Authority (IMDA) has launched the DPTM certification to help organizations demonstrate accountable and responsible data protection practices.

The DPTM (Data Protection Trustmarks Certification) will strengthen your reputation, build trust and foster confidence for your business.

We believe in the near future, only DPTM Certified Companies will be allowed to do business with the Singapore Government. Eg. Gebiz.


An Initiative by


Certification Logo


Data Protection Trustmarks Certification Preparation


System Assessment​

The first step to be a DPTM Certified Company is to carry out an initial assessment on the Company’s operations based on the DPTM (Data Protection Trustmarks) criteria. First draft of the Data Inventory Map (DIM) will analyse the data involved and data flow of the business processes.


DPTM (Data Protection Trustmarks) Awareness Training

In order to prepare the Company for DPTM (Data Protection Trustmarks) compliance, Privacy Ninja will conduct a one day session of DPTM Awareness Training for the Company’s employees. The training will cover the DPTM (Data Protection Trustmarks) criteria and obligations of the PDPA.


Identify, Assess, Manage​

Conduct Vulnerability Assessment Penetration Testing (VAPT) and Data Protection Impact Assessment (DPIA), to determine the Company’s data breach management plan and address any data protection risks identified.


Develop DPMP (Data Protection Management Programme) - 3Ps​

Design and develop the documentation for the Data Protection Management Programme Conduct implementation training on the documented Data Protection Management Programme.


Impleblogmentation of DPMP (Data Protection Management Programme)blog

Prepare the Company for the full implementation of the documented DPMP. Personnel with the responsibility to establish and implement the system will be given appropriate briefings.


Internal Audit on DPMP​

Assist the Company in conducting the first Internal Audit to monitor and evaluate the overall implementation. The Internal Audit will verify the compliance of the actual practices to the documented DPMP.

Benefits of being a DPTM (Data Protection Trustmarks) Certified Organization

Demonstrate Data Protection Accountability

Through the DPTM (Data Protection Trustmarks), your organization can now visibly communicate the soundness of your data protection policies and practices to your customers and stakeholders.

Increase your Competitive Advantage

In today’s data-driven digital economy, consumer trust is essential to deploy innovative technology that makes use of personal data to deliver more personalised services.

Provide Assurance to your Organization

Having third-party certification can provide assurance to your organization because it helps to provide validation of its data protection practices.

Frequently Asked Questions


What kind of businesses should apply?

There is no specific business or industry sector that must apply for the DPTM certification. However, all companies are highly encouraged to do so, to demonstrate Data Protection accountability to stakeholders and increase competitive edge. DPTM Certified Companies would definitely have an edge over the other companies when bidding for government contracts.


Is there any funding support available?

Yes! Singapore companies can apply up to 80% funding support under the Enterprise Development Grant (EDG) offered by Enterprise Singapore (ESG), under standards adoption section to become a DPTM Certified Company.
IMDA has also waived the application fee for SMEs and NPOs till December 31, 2020.


Is it difficult to be DPTM (Data Protection Trustmarks) certified?

In our experience, companies that have existing data protection culture at the workplace typically undergo a seamless transformation to be DPTM (Data Protection Trustmarks) certified company. If you know that your organization is lacking in many areas, the process will not be harder, just longer. This exercise will in fact enable your organization to become PDPA compliant when you attain the DPTM (Data Protection Trustmarks) certification.


How long does it take to be Data Protection Trustmarks certified?

The total duration depends on a few factors. If a company is applying for funding support under EDG, the consultancy project cannot commence until a Letter of Offer is presented by ESG, this wait time is typically 4 to 8 weeks. The project duration itself varies across every company, depending on what is already implemented and remediating what is lacking. Companies should expect about six months thereabout to become a DPTM Certified Company.


Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.

Powered by WhatsApp Chat

× Chat with us