Compliance with the PDPA involves implementing robust data security safeguards, transparency in data practices, and ensuring that data handling processes are aligned with regulatory expectations to promote a trustworthy digital environment.
What is a Data Protection Trustmark (DPTM) Certification?
DPTM is a voluntary based certification launched by Infocomm Media Development Authority (IMDA) to promote the implementation of sound data protection policies and practices within organisations. Becoming a DPTM certified company allows your business to build trusting stakeholder relationships through demonstrating greater control over the personal data collected. Furthermore, this third-party certification can add value to your business with the provision of independent assurance for your company’s data protection compliance. Any organisations based in Singapore are welcome to apply for DPTM certification.
How to apply for DPTM certification?
Applicants will need to assess its readiness with the DPTM certification checklist to make sure that all the documented policies and processes are put in place. Once it’s ready, applicants can proceed to submit the online application form to IMDA.
Applicants will need to assess its readiness with the DPTM certification checklist to make sure that all the documented policies and processes are put in place. Once it’s ready, applicants can proceed to submit the online application form to IMDA.
Appointed AB will review the completed Self-Assessment Form and arrange for on-site assessment. Applicants will have to rectify any non-compliance and bridge the gap by having appropriate measures in place within the timeframe provided.
IMDA will evaluate the assessment report submitted by AB and decide whether to grant the applicants with DPTM certification. The entire DPTM assessment process will take around 3 to 5.5 months to complete.
What are the key principles to be covered in the data protection policies and processes?
- Establishment of comprehensive data protection policies and practices.
- Incident handling and response plan.
- Appointment of Data Protection Officer (DPO).
- Adequate training for all relevant parties.
- Clear purpose of data collection.
- Consent for data collection, storage, disclosure and retention.
- Appropriate use and disclosure of personal data.
- Data security measures.
- Proper data retention and disposal policies.
- Verification and correction of records.
Withdrawal of consent.
Handling data access and correction requests.
What is the cost of DPTM application?
- Application fee payable to IMDA: S$535 (inclusive of GST).
- Assessment fee payable to the appointed AB: subject to the quotation provided by the AB.
To find out more on how we can assist in your journey to becoming a DPTM-certified company, Contact us today!
