Singapore’s Infocomm Media Development Authority (IMDA), that is driving Singapore’s transformation into a digital economy, today held its annual Personal Data Protection Seminar, themed “Powering Innovation Through Trust” – which highlights the significance of building trust to drive innovation

Minister for Communications and Information, S Iswaran, announced an open call for organisations to participate in a pilot for Singapore’s Data Protection Trustmark (DPTM) certification. This will help to finalise the DPTM framework and certification process, prior to its actual launch planned for the end-2018.

DPTM, which is based on the principles of the Personal Data Protection Act (PDPA) and administered by IMDA, enables organisations to use and display the DPTM logo in their business communications for the duration of the three-year certification. This will enable trust and confidence among consumers to immediately identify organisations that have strong data protection policies and practices in place and create a competitive advantage for the DPTM-certified companies.

In his opening address, Minister Iswaran also relayed the following details:

• Reviewing of the PDPA to ensure Singapore’s regulatory environment remains progressive, keeps pace with the changing needs of organisations and individuals in a digital economy and allow the legitimate use of data and data innovation while safeguarding individuals’ interests.
• Development of an ASEAN Digital Data Governance Framework, which, when completed in 2019 will enhance data management and facilitate uniform data regulations among ASEAN Member States. With greater harmonisation, organisations will find it clearer and easier to comply with data protection laws across ASEAN.
• Singapore is also participating in international mechanisms that facilitate cross-border data flows, such as the APEC Cross-Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) systems, so that certified organisations will find it easier to move data across borders in participating APEC economies.

---

IMDA and PDPC launch pilot for Data Protection Trustmark certification scheme 

Eight early adopters to test robustness of data protection framework. 

SINGAPORE – The Infocomm Media Development Authority (IMDA) and Personal Data Protection Commission (PDPC) launched an open call for organisations to participate in a pilot for Singapore’s Data Protection Trustmark (DPTM) certification. The scheme aims to foster sound, transparent and accountable data protection practices among Singaporebased organisations and was developed in consultation with the industry.

The open call was announced by Minister for Communications and Information, Mr S Iswaran, at the 6^th Personal Data Protection Seminar today. The pilot will help to finalise the DPTM framework and certification process, prior to the DPTM’s launch planned for end 2018.

Organisations certified under the DPTM scheme will be able to use and display a DPTM logo in their business communications for the duration of the certification, which is three years. The DPTM engenders trust and confidence among consumers as they will be able to immediately identify organisations that have in place data protection policies and practices that had been subject to independent assessment. This, in turn, provides a competitive advantage for these certified organisations.

“Businesses that can win their customers’ trust will be better able to thrive in today’s datadriven Digital Economy. Through Singapore’s Data Protection Trustmark, organisations can now visibly communicate the soundness of their data protection policies and practices to their customers and stakeholders. We are heartened to have a number of companies actively participating in the pilot programme and encourage the rest to come on board in the coming months,” said Mr Tan Kiat How, Chief Executive Officer of IMDA and Commissioner of the PDPC.

 

Assessment Bodies, Certification Process and Pilot Organisations

Three independent Assessment Bodies have been appointed by IMDA for the DPTM certification scheme. They are ISOCert, Setsco Services and TUV SUD PSB. They will assess if applicants’ data protection practices are aligned to DPTM certification requirements, which has been developed by the PDPC, and assist in identifying gaps that organisations should address.

The DPTM is open to all organisations based in Singapore. Interested organisations must first apply to IMDA. Upon acceptance of application by IMDA, organisations may then select an Assessment Body to conduct their certification assessment. Assessment fees – payable to the Assessment Bodies – start from $1,400. The bodies will submit their independent assessment to IMDA for review and approval. If satisfied, IMDA will then issue the DPTM certification.

For a start, eight organisations will be undergoing the pilot programme to help fine-tune the certification controls and processes. The organisations are:

• Carpe Diem @ ITE
• RedMart
• Chan Brothers Travel
• Singapore Telecommunications(Singtel) Limited
• DBS Bank
• Fullerton Healthcare Group
• Fullerton Systems and Services
• Tan Tock Seng Hospital Community Fund

Organisations that are interested to be part of the pilot are welcome to sign up by 30 September 2018. All participating organisations in the pilot programme will go through the full certification process. The DPTM certification awarded to these pilot organisations is official and remains valid even after the end of the pilot.

 

Alignment with international standards

While the DPTM is a Singapore trustmark, it also incorporates relevant international data protection principles, including that of the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data; and the APEC Privacy Framework.

This enables organisations to, in the future, more seamlessly attain both the DPTM and the APEC Cross Border Privacy Rules (CBPR) or Privacy Recognition for Processors (PRP) system certifications. Organisations certified under the APEC CBPR or PRP systems will enjoy another mechanism to legitimately transfer data across borders with other certified organisations operating in participating APEC economies.

 

DPTM certification enhances trust

Data-driven frontier technologies, such as Big Data analytics and Artificial Intelligence, are transforming today’s digital landscape, such as by optimising organisations’ operations through better understanding their customers’ preferences. Consumer trust is essential if organisations wish to effectively deploy such innovative and data-driven technology that makes use of personal data to deliver more personalised services.

Four in five individuals recently surveyed by the PDPC^[1] agreed that organisations that collect, use and disclose personal data ought to have strong data protection policies and practices. Moreover, two-thirds of respondents favoured an organisation that demonstrates a sound data protection regime.

Organisations, too, recognised data protection as an important criterion when selecting a vendor to manage personal data on their behalf, with nearly 80% of industry representatives surveyed by the PDPC^[2] noting that a data protection certification would significantly enhance brand image and boost consumer confidence.

[1] The PDPC surveyed 1,500 consumer individuals from February to March 2018.

[2] The PDPC surveyed more than 1,500 representatives from various sectors from February to April 2018.