IMDA and PDPC launch pilot for Data Protection Trustmark certification scheme

IMDA and PDPC launch pilot for Data Protection Trustmark certification scheme

The Infocomm Media Development Authority (IMDA) and Personal Data Protection Commission (PDPC) launched an open call for organisations to participate in a pilot for Singapore’s Data Protection Trustmark (DPTM) certification.

In a joint statement on Wednesday (25 July), the authorities stated that the scheme aims to foster sound, transparent and accountable data protection practices among Singapore based organisations and was developed in consultation with the industry.

The open call was announced by Minister for Communications and Information, Mr S Iswaran, at the 6th Personal Data Protection Seminar on Wednesday, saying that the pilot will help to finalise the DPTM framework and certification process, prior to the DPTM’s launch planned for end 2018.

The authorities stated that organisations certified under the DPTM scheme will be able to use and display a DPTM logo in their business communications for the duration of the certification, which is three years.

The DPTM engenders trust and confidence among consumers as they will be able to immediately identify organisations that have in place data protection policies and practices that had been subject to independent assessment. This, in turn, provides a competitive advantage for these certified organisations.

“Businesses that can win their customers’ trust will be better able to thrive in today’s data driven Digital Economy. Through Singapore’s Data Protection Trustmark, organisations can now visibly communicate the soundness of their data protection policies and practices to their customers and stakeholders. We are heartened to have a number of companies actively participating in the pilot programme and encourage the rest to come on board in the coming months,” said Mr Tan Kiat How, Chief Executive Officer of IMDA and Commissioner of the PDPC.

IMDA has appointed three independent Assessment Bodies for the DPTM certification scheme, which are ISOCert, Setsco Services and TUV SUD PSB.

“They will assess if applicants’ data protection practices are aligned to DPTM certification requirements, which has been developed by the PDPC, and assist in identifying gaps that organisations should address,” it noted.

The authorities noted that the DPTM is open to all organisations based in Singapore, saying that interested organisations must first apply to IMDA. Upon acceptance of application by IMDA, organisations may then select an Assessment Body to conduct their certification assessment.

According to the statement, assessment fees – payable to the Assessment Bodies – start from $1,400. The bodies will submit their independent assessment to IMDA for review and approval. If satisfied, IMDA will then issue the DPTM certification.

For a start, eight organisations will be undergoing the pilot programme to help fine-tune the certification controls and processes, which are Carpe Diem @ ITE, Chan Brothers Travel, DBS Bank, Fullerton Healthcare Group, Fullerton Systems and Services, RedMart, Singapore Telecommunications Limited (Singtel), and Tan Tock Seng Hospital Community Fund.

The authorities stated that organisations that are interested to be part of the pilot are welcome to sign up by 30 September 2018.

All participating organisations in the pilot programme will go through the full certification process. The DPTM certification awarded to these pilot organisations is official and remains valid even after the end of the pilot.

Authorities stated that while the DPTM is a Singapore trustmark, it also incorporates relevant international data protection principles, including that of the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data; and the APEC Privacy Framework.

“This enables organisations to, in the future, more seamlessly attain both the DPTM and the APEC Cross Border Privacy Rules (CBPR) or Privacy Recognition for Processors (PRP) system certifications. Organisations certified under the APEC CBPR or PRP systems will enjoy another mechanism to legitimately transfer data across borders with other certified organisations operating in participating APEC economies,” they noted.

They then stated that data-driven frontier technologies, such as Big Data analytics and Artificial Intelligence, are transforming today’s digital landscape, such as by optimising organisations’ operations through better understanding their customers’ preferences. Consumer trust is essential if organisations wish to effectively deploy such innovative and data-driven technology that makes use of personal data to deliver more personalised services.

According to the authorities, four in five individuals recently surveyed by the PDPC1 agreed that organisations that collect, use and disclose personal data ought to have strong data protection policies and practices. Moreover, two-thirds of respondents favoured an organisation that demonstrates a sound data protection regime.

“Organisations, too, recognised data protection as an important criterion when selecting a vendor to manage personal data on their behalf, with nearly 80% of industry representatives surveyed by the PDPC 2 noting that a data protection certification would significantly enhance brand image and boost consumer confidence,” they added.

Notify of
Inline Feedbacks
View all comments