How a Consultant Can Help You Speed Up Your Data Protection Trustmark Project

Often, consumers provide their personal data to organisations for various purposes. Understandably, they expect their personal data to be used in a secure and responsible manner. So how can they easily tell a responsible organisation from the rest? How can they tell if an organisation has good personal data protection practices?

IMDA Singapore created the Data Protection Trustmark (DPTM) certification. The DPTM certification is considered a gold standard for organisations that want to prove they have accountable data protection practices. Organisations that have the DPTM certification can:

  • Increase their competitive advantage
  • Provide assurance to their business partners
  • Minimise risk by improving the data governance standards

Organisations that want to get certified can invest in DPTM consultancy to get help with impact assessments, data breach management plans, and policies. A DPTM consultancy also provides help with staff training so they are educated on both DPTM and PDPA requirements.

How Consultants Can Help With DPTM Certification

Consultants can also help organisations on their DPTM journey by giving them access to effective management tools and training programmes like DPOinBox. Consultants can also help organisations create a roadmap and guide them every step of the way.

Baseline

Consultants help organisations establish a baseline in terms of the maturity of the data protection processes and policies related to the PDPA.

Implementation

Consultants can help assess gaps and help organisations demonstrate accountable and sound data protection practices.

DPTM

Consultants can provide guidance on the DPTM preparation and requirements.

Answers to Frequently Asked Questions About DPTM

If you need help and guidance with the DPTM basics, consultants can also provide answers to frequently asked questions about DPTM. For starters:

What is the DPTM certification?

The DPTM Trustmark is a 3-day voluntary certification that is issued by the Infocomm Media Development Authority (IMDA). The DPTM certification allows Singapore organisations to showcase accountable data protection practices.

Is DPTM an international certification?

DPTM is a local enterprise-wide certification. Organisations that have attained the ISO/IEC 27001 or 27701 certification may find attaining a DPTM certification easier as they have already demonstrated good privacy management procedures and good information security.

What are the primary assessment requirements of the DPTM?

Organisations are required to have written documentation of their data protection practices, processes, and policies. They also need to demonstrate that their data protection practices, policies, and processes are practised and implemented on the ground. It should also be based on comprehensive and robust criteria, such as:

  • Trained Data Protection Officer (DPO) and staff that will handle the personal data of the stakeholders
  • Reasonable use, disclosure, and collection of data with consent (purpose should also be made known)
  • Appropriate measures for the retention, protection, and disposal of data
  • Provision of withdrawal of access, correction, and consent of data
  • Appropriate measures in the event of a data breach

What are some of the key objectives of DPTM?

The following are some of the primary objectives of DPTM:

  • For organisations to demonstrate accountable and sound data protection practices
  • For organisations to have a competitive advantage
  • To boost the confidence of consumers in the organisation’s management of personal data
  • To promote and enhance consistency in terms of data protection standards across all sectors

Organisations can use the DPTM to build trust with stakeholders and consumers and increase their competitive advantage.

How long will it take for organisations to attain the DPTM certification?

Since the DPTM certification is an external assessment by an IMDA-appointed assessment body, the length will vary. Often, it will depend on the organisation’s current Data Protection Management Programme (DPMP) and its size. Typically, the whole certification and assessment process will take anywhere from 9 months to a year from start to finish.