The Infocomm Media Development Authority (IMDA)
and Personal Data Protection Commission (PDPC) announced
the launch of an open call for organisations
to participate in a pilot for Singapore’s Data Protection Trustmark (DPTM)
certification.
The scheme aims to foster sound,
transparent and accountable data protection practices among Singapore-based organisations and was developed in consultation
with the industry.
The open call was announced by Minister for
Communications and Information, Mr S
Iswaran, at the 6th Personal Data Protection Seminar on Wednesday,
25 July 2018.
The pilot will help to finalise the DPTM framework and certification
process, prior to the DPTM’s launch
planned for late 2018. Organisations certified under the DPTM scheme will be able to use and display a
DPTM logo in their business communications for the duration of the
certification, which is three years.
The DPTM engenders trust and confidence
among consumers as they will be able to immediately identify organisations that have in place data
protection policies and practices that had been subject to independent
assessment. This, in turn, provides a competitive advantage for these certified
organisations.
Mr Tan Kiat How, Chief Executive Officer of IMDA and Commissioner of
the PDPC stated that Singapore’s Data Protection Trustmark will enable organisations to visibly communicate the
soundness of their data protection policies and practices to their customers
and stakeholders.
Three independent Assessment Bodies have
been appointed by IMDA for the DPTM certification scheme. They are ISOCert, Setsco Services, and TUV SUD PSB.
They will assess if applicants’ data
protection practices are aligned to DPTM certification requirements, which has
been developed by the PDPC and assist in
identifying gaps that organisations
should address.
The DPTM is open to all organisations based in Singapore. Interested organisations must first apply to IMDA,. If
accepted, organisations may then select
an Assessment Body to conduct their certification assessment.
Assessment fees – payable to the Assessment
Bodies – start from $1,400.
The bodies will submit their independent
assessment to IMDA for review and approval. If satisfied, IMDA will then issue
the DPTM certification.
Currently, eight organisations have registered to undergo the pilot programme to
help fine-tune the certification controls and processes.
Organisations that are interested to be
part of the pilot are must sign up by 30 September 2018. All participating organisations in the pilot programme will go
through the full certification process. The DPTM certification awarded to these
pilot organisations is official and
remains valid even after the end of the pilot.
While the DPTM is a Singapore trustmark, it also incorporates relevant
international data protection principles, including that of the OECD Guidelines
on the Protection of Privacy and Transborder Flows of Personal Data; and the
APEC Privacy Framework.
This enables organisations to, in the future, more seamlessly attain both the
DPTM and the APEC Cross Border Privacy Rules (CBPR) or Privacy Recognition for
Processors (PRP) system certifications.
Organisations certified under the APEC CBPR
or PRP systems will enjoy another mechanism to legitimately transfer data
across borders with other certified organisations
operating in participating APEC economies.
Data-driven frontier technologies, like Big
Data analytics and Artificial Intelligence, are transforming today’s digital
landscape by optimising organisations’ operations through better
understanding their customers’ preferences.
Consumer trust is essential if organisations wish to effectively deploy such
innovative and data-driven technology that makes use of personal data to
deliver more personalised services.
Four in five individuals recently surveyed
by the PDPC agreed that organisations
that collect, use and disclose personal data ought to have strong data
protection policies and practices.
Moreover, two-thirds of respondents favoured an organisation
that demonstrates a sound data protection regime.
Organisations, too, recognised data protection as an important criterion when selecting
a vendor to manage personal data on their behalf, with nearly 80% of industry
representatives surveyed by the PDPC noting that a data protection
certification would significantly enhance brand image and boost consumer
confidence.