IMDA fosters data protection practices with new scheme

The Infocomm Media Development Authority (IMDA) and Personal Data Protection Commission (PDPC) have launched an open call for organisations to join a pilot for Singapore’s Data Protection Trustmark (DPTM) certification scheme. This was aimed to foster sound, transparent and accountable data protection practices among Singapore-based organisations and was developed in consultation with the industry.

The DPTM is open to all organisations based in Singapore. Interested organisations must first apply to IMDA. The steps require IMDA’s approval of the application which then allows organisations to select an assessment body to conduct its certification assessment. The bodies will submit their independent assessment to IMDA for review, which will then IMDA approve and issue the DPTM certification.

The eight organisations that will be undergoing the pilot programme to help fine-tune the certification controls and processes include DBS Bank, RedMart, SingTel, Carpe Diem @ ITE, Chan Brothers Travel, Fullerton Healthcare Group and Fullerton Systems and Services, as well as Tan Tock Seng Hospital Community Fund.



The pilot will finalise the DPTM framework and certification process, prior to the DPTM’s launch planned for end of 2018.

The DPTM certification assists organisations in deploying data-driven technology that makes use of personal data to deliver more personalised services. In addition, organisations certified under the DPTM scheme will be able to use and display a DPTM logo in their business communications for the three years the certification is due for.

Consumers who use the DPTM scheme will be able to identify organisations that have in place data protection policies and practices that had been subject to independent assessment. This, in turn, provides a competitive advantage for these certified organisations.

“Businesses that can win their customers’ trust will be better able to thrive in today’s data-driven Digital Economy. Through DPTM, organisations can now visibly communicate the soundness of their data protection policies and practices to their customers and stakeholders,” Tan Kiat How, chief executive officer of IMDA and commissioner of the PDPC said.

“We are heartened to have a number of companies actively participating in the pilot programme and encourage the rest to come on board in the coming months,” he added.

IMDA has also appointed three assessment bodies, ISOCert, Setsco Services and TUV SUD PSB, to assess applicants’ data data protection practices aligns with the DPTM certification requirements. The requirements had been developed by the PDPC, which assists in identifying gaps that organisations should address.