Data Protection Trustmark Certification – Is it Really Necessary for an Organisation?

Back in July 2018, the personal information of over 1.5 million SingHealth patients was stolen during a massive and highly publicised cyber attack. Days later, the Singapore government announced the DPTM or Data Protection Trustmark scheme. 

Under the Data Protection Trustmark, firms based in Singapore have the option to be officially certified for their data protection measures. The DPTM certification will act as an assurance to clients and consumers that their personal data are protected and handled accordingly. 

DPTM Scheme Key Objectives

Some of the key objectives of the DPTM scheme include:

  • Ensuring organisations can exhibit sound and accountable data protection practices.
  • Giving a competitive advantage to certified businesses.
  • Boosting consumers’ confidence in how organisations manage their personal data.
  • Promoting and enhancing consistency in the standard for data protection across various sectors.

The Importance of Getting a DPTM Certification

A DPTM certification will exhibit that you have robust data protection policies and practices. This gives consumers peace of mind knowing their personal data are protected. A DPTM certification also fosters confidence in business, builds trust, and helps strengthen the reputation of the business.

Third-party certifications like the DPTM can help businesses and organisations validate their data protection regime. The certification also raises the level of protection and the organisation's data protection standards. This helps organisations mitigate risks and uncover likely weaknesses.

In essence, the Infocomm Media Development Authority of Singapore (IMDA) launched the Data Protection Trustmark Certification when it recognised the need for education on organisational compliance and transparency.

When organisations receive the DPTM, they can demonstrate their adeptness in data protection, improve consumer confidence, and gain a competitive advantage over other organisations.

What It Takes to Achieve the DPTM

The DPTM self-assessment is based on the following principles:

  1. Governance and Transparency
  2. Management of Personal Data
  3. Care of Personal Data
  4. Individuals’ Rights

If the organisation is new to data protection and has not yet established a baseline in relation to the Personal Data Protection Act (PDPA), it is recommended that it check the PDPC’s list of Data Protection Service Providers for help in preparing for DPTM readiness.

After all the preparation comes the final assessment: the Assessment Body (AB) will act as an independent body to check the organisation’s data protection practices. This is important for assessing whether the organisation’s data protection practices conform with the DPTM requirements.

At times, organisations are discouraged from getting the DPTM certification as they are worried that if a breach occurs after the certification period, their efforts are nullified. Fortunately, there is no truth to this. The Personal Data Protection Commission (PDPC) will see the DPTM certification as a mitigating factor.

Undoubtedly, organisations and businesses are moving into an absolutely new world and the landscape is far from familiar in terms of data protection. Fortunately, data and compliance experts have been working hard to be on top of the developments and are more than willing to share their knowledge with other organisations.