How to become a data protection officer through PCP?


How to become a data protection officer through PCP?

The data protection laws in many countries require organisations handling personal data to appoint a Data Protection Officer, Singapore included. The Singapore PDPC (Personal Data Protection Commission) states that

"All organisations, including sole proprietors and non-profit organisations, must appoint at least one person as the Data Protection Officer (DPO). The DPO function is management’s responsibility and, ideally, the appointed DPO should be part of the management team, or at least have a direct line to management. The operational DPO functions, however, may be delegated to one or a few employees, or outsourced to a service provider. …"

This is a “new profession”, which arose because of the law enforced in 2014 resulting in an apparent shortage of skilled professionals. Designated DPOs need to manage the data protection programme of the organisation and that requires skill and bandwidth

Shortage of Talent

In a scan of job recruitment advertisements in Q3 of 2020, DPEX Network found that in just one month there were 245 job advertisements recruiting staff for data protection roles even as business slowed down due to COVID-19. This is 106% increase over last year and seems to be a continuation of a trend for the demand for DPOs.

In another survey conducted amongst DPOs, the shortage of DPOs is indicated by the incidence of poaching. One in five experienced DPOS have been approached to join another organisation because of their data protection skill.

Organisations do not have to resort to poaching talents. There is a pool of potential mid-career professionals with work experience who can be trained to fit into the role.

The PCP Programme in Singapore

The Singapore government initiated the programme to facilitate Professionals, Managers, Executives and Technicians (PMETs), including mid-career switchers, to undergo skills conversion and move into new occupations or sectors that have good prospects and opportunities for progression. It allows for:

  • Place-and-Train: PMET is hired by a participating employer before undergoing training to take on new job role.
  • Attach-and-Train: PMET is provided with training and work attachments, in advance of job placement, through industry partners in growth sectors with good future job opportunities.
  • Redeployment / Job Redesign (JR) Reskilling: PMET at risk of redundancy in vulnerable job roles is retained by existing employers and reskilled training to take on new job roles within the same company.

SMU's PCP-Data Protection Officer with SSG is under the Place-and-Train Programme only. This means that PCP-DP Candidates must be full-time new hires (within 3 months of employment start date) by the PCP-DP participating organisations.

Companies hiring a Data Protection Officer can now apply under the PCP scheme. This includes “combo” roles which include traditional job functions – HR, Marketing, IT, etc. Individuals must carry the DPO title in their designation. The PCP will provide funding to companies with salary support and course fees support.

A Boost for Organisations that are Resource-Stretched

This initiative provides the leg-up for Singapore organisations facing constraints in financial and skilled manpower resource. It is designed to help SMEs and any Singapore-registered company lower the costs of hiring and preparing new staff (PCP-DP candidate) with data protection skills to develop and implement safeguards around processing personal data - the PCP-DP will help SMEs acquire their own data protection expertise. Operations can be in Singapore or overseas.

Meeting the Shortage – A Programme by SMU and Straits Interactive 

SMU's (Singapore Management University) SkillsFuture Series in Data Analytics, Cybersecurity and Tech-Enabled Services supports the Professional Conversion Programme by jointly delivering the training with Straits Interactive to re-skill or upskill mid-career professionals into DPOs.

All approved eligible PCP-DP candidates will agree to undergo a 6-month specialised on-the-job training (OJT) where they will need to attend 12 days Advanced Certificate programme in Data Protection, worth S$12,000 (before GST). Both the company and candidate shall agree to go through the PCP-DP for one year in order to complete the implementation of a Data Protection Management Programme (DPMP) in the company. 

The PCP-DP will provide funding to hiring companies with salary support, and course fees support for the PCP-DP candidates. As businesses are opening up with mass vaccination against COVID-19, this is an opportunity for PPP – Public, Private Partnership working together to bring about benefit for all parties.

Do visit the Learning page/s for the competency roadmaps available.

by Leong Wai Chong, CIPM, GRCP

The views and opinions expressed in this article are those of the author and do not necessarily reflect the official view or position of DPEX Network.

Become a DPEX Community member to access
data protection resouces and discussions on pertinent topics now.

Access online / in-person courses and view past training records


Join lively discussions on pertinent data protection topics


Gain access to data protection research and video resources


Receive value-added data protection updates from the region

Related Articles