What is DPTM? What does it entail for Singapore businesses? These questions are probably running through your mind. Let’s take a closer look at what DPTM is, with reference to an article from ZELEGAL.
Singapore’s New Data Protection Trustmark (DPTM)
Well, let’s refer to this as the Data Protection Trustmark Certification. In a heavily publicized case, personal information of more than 1.5 million patients of SingHealth was stolen in a massive cyberattack on 21 July 2018. A few days later, on 25 July, the Singapore government announced the Data Protection Trustmark (DPTM) scheme, under which Singapore-based firms will be able to get officially certified for their data protection measures. The certification will assure clients or consumers that their personal data is being securely handled. So what exactly are the DPTM certification requirements and why might they concern your company?
The Assessment Process
Depending on the company’s choice, one of the three following assessment agencies will be assessing the company’s data protection practice: ISOCert, Setsco Services, or TUV SUD PSB. The company will be judged based on four principles developed by the Personal Data Protection Commission (PDPC): governance and transparency, management of personal data, care of personal data, and individuals’ rights. Each principle has a few components, as set out in the overview of certification requirements published with the government’s official announcement on 25 July. Details of the components can be found here: Overview of DPTM Cert Controls.
The PDPC will further refine these assessment requirements based on feedback the Commission receives during the pilot program, which will last until the official DPTM scheme launches at the end of this year. Currently, eight companies, including DBS Bank, RedMart, and Singtel, have signed up to be a part of the pilot.
The assessment requirements are also said to incorporate principles in the APEC Privacy Framework and OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. This means that if your company hopes to attain other data protection certificates in the Asia-Pacific region after attaining the DPTM certificate, having the DPTM will facilitate that process. The DPTM alone, however, is a local certificate, only applicable to Singapore-based firms and recognized within Singapore.
The Cost, Timeline, and Effective Duration
Prior to the certificate’s official launch in 2018, companies can apply to participate in the pilot. There are two reasons why your company might consider doing so. First, if your company passes the assessment, it could attain the DPTM earlier. The certificate will remain effective after the pilot period, giving your company a competitive edge over others in your industry who might be late to the assessment process. Second, it potentially gives your company a chance to shape the official DPTM assessment requirements.
The DPTM logo lasts for three years, and the company will need to reapply after the logo expires. The assessment fee will range from $1,400 to $10,000, excluding GST, depending on the size of your organization.