Why Companies Should Consider the Data Protection Trustmark


In a case that was highly publicised, the personal information of over 1.5 million SingHealth patients was stolen during a massive cyber attack. The cyber attack occurred on the 21st of July 2018. A few days later, on the 25th of July, the Singapore government announced the Data Protection Trustmark or DPTM scheme.

Under the Data Protection Trustmark, firms based in Singapore have the option to be certified officially for their data protection measures. The DPTM certification will serve as an assurance to consumers and clients that their personal data are handled and protected accordingly.

DPTM Certification: All You Need to Know

Depending on the company, there are three assessment agencies that can assess the company’s data protection practices: TUV SUD PSB, Setsco Services, and ISOCert. Companies will be assessed based on four principles which incidentally, are developed by the Personal Data Protection Commission (PDPC).

  1. Governance and transparency
  2. Management of personal data
  3. Care of personal data
  4. Individuals’ rights

It is believed that the assessment requirements will incorporate principles in the OECD Guidelines and the APEC Privacy Framework. This means that if an organisation wants to attain other data protection certificates in the Asia-Pacific region, their DPTM certificate can help hasten the process.

Timeline, Cost, and Effective Duration

Before the DPTM certification was officially launched in 2018, organisations had the option to apply so they could participate in the pilot. Companies who had received their DPTM during the pilot stage would have a competitive advantage over others in the industry. They will also get the chance to help shape the official DPTM assessment requirements. The DPTM logo will last for three years.

The company will have to reapply after the logo expires. For now, the assessment fee ranges from $1,400 to $10,000 (excluding GST) depending on the organisation’s size.

Key Objectives of the DPTM Scheme

Below are the key objectives of the DPTM scheme:

  • So organisations can exhibit accountable and sound data protection practices.
  • To give certified businesses a competitive advantage.
  • To boost the confidence of consumers in the organisation’s management of their personal data.
  • To promote and enhance consistency in the standard for data protection across all sectors.

How Businesses Can Benefit from Getting DPTM Certification

It increases business competitiveness

A DPTM certification can show your customers that you have strong data protection practices and policies that can help ensure their personal data are protected. This can also help strengthen their reputation, foster confidence in the business, and build trust. It also raises the competitiveness of businesses locally and overseas.

It provides assurance to organisations

Third-party certification can help validate the organisation’s data protection regime. The certification will also increase the protection and data governance standards, enable organisation’s to mitigate risks, and uncover possible weaknesses.

Final Thoughts

The impact and scale of SingHealth’s personal data leak have significantly heightened people’s awareness of the importance of personal data protection. In addition, a survey of 1,500 consumers revealed that four out of five consumers want organisations to have robust data protection practices and policies if they will collect consumers’ personal information.

At least two-thirds of the respondents of the survey also indicated that they prefer organisations with sound data protection practices. Given all the factors stated above, the DPTM scheme can be very relevant if an organisation collects personal information from customers.