To help businesses increase their competitive advantage and build consumer trust, IMDA has launched the Data Protection Trustmark (DPTM) certification to help organisations demonstrate sound and accountable data protection practices.
The Data Protection Trustmark (DPTM) is a voluntary enterprise-wide certification for organisations to demonstrate accountable data protection practices. The DPTM will help businesses increase their competitive advantage and build trust with their clients.
The directory of DPTM-certified organisations can be found here (357.57KB) (updated 22 Aug 2019).
To learn more:
Who can apply?
Organisations that have put in place a data protection regime to comply with the obligations of the PDPA can apply for DPTM.
They should be either (1) formed or recognised under the laws of Singapore, or (2) resident, or having an office or a place of business, in Singapore, and in any case, not a public agency (as defined in the Personal Data Protection Act 2012).
Upon submission of the application, the Applicant Organisation is bound by the Terms of Agreement (571.68KB) of the DPTM scheme.
Application fee* of $535 (inclusive of GST) is payable to IMDA. Assessment fee, ranges between $1,400 to $10,000 plus prevailing GST, is payable to the Assessment Body.
To encourage organisations to take up more than one certification (i.e. DPTM, CBPR and PRP), one application fee of $535 (inclusive of GST) is payable to IMDA when organisations apply for multiple certifications in a single application process.
*Application fee is waived for SMEs and Non-profit Organisations (NPOs) till 31 December 2019.
The Assessment Body (AB) acts as an independent body to assess that an organisation’s data protection practices conform to the DPTM requirements. An organisation may select any of the following three ABs:
DPTM Certification Requirements and Support Details
The DPTM Certification Framework was developed based on adopting and aligning it with Singapore’s PDPA and incorporating elements of international benchmarks and best practices.
- Overview of Certification Requirements (289.82KB)
- DPTM Checklist for Organisations (527.99KB) (updated 21 Jun 2019)
Eligible organisations can consider applying to Enterprise Singapore (ESG) or National Council of Social Services (NCSS) to seek support for some of the costs for DPTM certification and consultancy services. Details on the criteria and application process can be found below:
Professional Consultancy Services:
Organisations can refer to the List of Data Protection Service Providers if they wish to engage professional consultancy services to prepare them for the DPTM certification.