3 key reasons to strive for the Data Protection Trustmark (DPTM)

Designed in accordance with Singapore's Personal Data Protection Act (PDPA) and taking into account benchmarks and best practices from around the world, the Data Protection Trustmark (DPTM) was launched by the Infocomm Media Development Authority (IMDA) in January 2019. DPTM is one of the steps that an organisation can take to prove their data protection credentials.

In this article, we discuss the three key reasons why organisations should strive for IMDA’s Data Protection Trustmark.

Business Opportunities

From a business perspective, the Data Protection Trustmark is increasingly mentioned in government tenders and contracts as a requirement to demonstrate accountability and compliance with Singapore’s Personal Data Protection Act (PDPA). This is aligned with Singapore’s efforts in building a digital economy and trusted data hub simultaneously.

Businesses that use DPTM when bidding for government tenders or business contracts stand out from the crowd because it shows external due diligence has been performed on their business operations. In fact, if the DPTM certification is a requirement, organisations may not even be able to enter the bidding round, which can in turn severely affect business viability.

As data protection laws continue to develop and with new ones being rapidly implemented, I expect this to be an essential evaluation consideration especially for business activities involving cross-border transfers. In fact, China is the latest to have announced its own Personal Information Protection Law slated to go live in November 2021. While the convergence will likely take time, it is without a doubt that compliance with a framework administered by a national regulator would place organisations in a much more advantageous position when bidding for projects.

Credible review of the organisation’s data protection capability

Aside from that, the DPTM is a good base to adopt for internal audit objectives. As part of the DPTM certification process, an external assessment body is appointed to review an organisation's data protection practices to ensure the organisation fulfils the DPTM requirements by demonstrating with evidence that its data protection policies and processes are documented, implemented and practiced.

From my experience, there is a growing interest at the boardroom level for data protection compliance, with that coming mainly from the Audit and Risk Committee. Hence, companies should consider adopting the DPTM framework as the basis or work towards attaining and sustaining the DPTM as a good practice. This would also be a more efficient allocation of resources when planning for annual reviews and internal reporting to the board, the shareholders, staff and other stakeholders.

Symbol of Trust

Lastly, the DPTM is a good indicator and symbol of trust recognisable to regulators in instances of investigations, corporate clients for due diligence and auditing purposes and consumers to demonstrate the reliability of the organisation.

In investigations by regulators i.e., the Personal Data Protection Commission (PDPC), the DPTM can potentially assist an organisation to demonstrate that it has validated data protection management practices. This could facilitate the investigation and possibly empower an organisation to apply for the expedited or even undertaking route, potentially shortening the process by a few months to even a full year.

For corporate clients, the DPTM is the most recognised third-party certification that helps to provide validation of an organisation’s data protection practices. If your organisation is a third-party vendor or a service provider, the DPTM positions you as a trusted vendor and would surely hasten the due diligence process. In fact, a PDPC survey conducted in 2018 showed that 4 in 5 organisations would choose to partner with organisations that manage personal data within the organisation appropriately.

In the same 2018 PDPC survey, two in three customers are more willing to purchase from a reliable organisation as they are assured that a DPTM-certified organisation has implemented robust data protection practices to safeguard their personal data. It is a signal of commitment towards their consumer privacy which forms the basis of a long-term trust-based relationship. In other words, the DPTM helps to foster confidence in the business and possibly generate loyalty to the organisation.

Interested in the DPTM but not too sure about the commitment to get there? Contact me here for a complimentary chat.

Stay tuned for more upcoming DPTM content and read more on my other DPTM article about three reasons why organisations may get stuck in the DPTM quest and three tips on how to break free.

Article by:
Loke Qian Li, (FIP, CIPM, CIPP/E, CIPP/A, GRCP)

Qian Li was a practising Data Protection Officer before joining Straits Interactive. He has assisted companies along the entire journey towards attaining the DPTM. He currently leads the Fellows of Information Privacy (FIP) Affinity Group globally.

The views and opinions expressed in this article are those of the author and do not necessarily reflect the official view or position of DPEX Network.