How the Gap in the Data Protection Market is Addressed

What is being done to address this gap in the Data Protection market in Singapore?

24 Jun, 2021

Over the years, Singapore has progressively passed stricter data protection laws. Since the PDPA and DNC call registry rules went into effect in 2014, new National Registration Identity Card (NRIC) rules have since been introduced in the last year as well as the Public Sector Governance Act. The latter provides a consistent governance framework across public bodies in Singapore in terms of delivery services, including rules on data sharing. These developments have all contributed to the demand for data protection expertise locally.

To meet the immediate shortage, there have been several national initiatives in order to bring data protection capabilities and competencies, both to organisations and individuals. Straits Interactive and our partner, Singapore Management University Academy, have been very much part of these initiatives and currently offer the largest number of data protection courses in the region.


1. Data Protection as a Service for SMEs (DPaaS@SME)

The Personal Data Protection Commission (PDPC) has worked with selected data protection service providers to offer organisations the alternative of outsourcing the data protection function in DPaaS (Data Protection as a Service). It should be stressed that the responsibility still rests with the organisation owning the data. The list of service providers can be found here: https://www.pdpc.gov.sg/help-and-resources/2020/03/list-of-data-protection-service-providers

Straits Interactive is one of these providers and we differentiate ourselves from our other competitors by providing an end-to-end service including training, advisory, software and e-learning content.


2. Practitioner Certificate in Data Protection and Government Funded Data Protection Courses

Singapore, like many countries, has been rolling out national education curriculums for DPOs while also advocating a multi-disciplinary approach to data protection.

The PDPC has rolled out a local practitioner certificate course called Practitioner Certificate in Personal Data Protection, specially for DPOs to perform their roles and responsibilities. https://www.pdpc.gov.sg/help-and-resources/2019/04/practitioner-certificate-in-pdp-preparatory-course. Through SMU Academy, we are currently the number #1 training provider for this course where more than 1,000 DPOs have been trained since its inception two years ago.

Training courses are generously supported by the Singapore government, for example many of the courses are subsidised by the Critical Infocomm Technology Resource Programme Plus (CITREP+) from the Infocomm Media Development Authority of Singapore as well as under the SkillsFuture Singapore (SSG) initiatives.


3. Global Certification in Data Protection

Straits interactive was the first to introduce data protection related courses eligible for the above government funding such as the Data Protection Officer Hands-on course and more importantly, global professional certification courses from the IAPP such as The Certified Information Privacy Manager (CIPM) programme which is the world's first and only certification in personal data protection programme management. Straits Interactive is the official regional trainer partner of IAPP, the body of data protection and privacy professionals.


4. Professional Conversion Programme (PCP) for the Data Protection Officer

There is also the Professional Conversion Programme (PCP) for Data Protection Officers supported by Workforce Singapore (WSG) and SkillsFuture Singapore (SSG) which provides skills conversion to place and train PMETs in the role of a DPO.


5. Advanced Diploma in Data Protection and multiple adult learning courses

Recognising that Singapore can be a regional hub for data protection expertise for the region where data protection laws are new, Straits Interactive in our joint partnership with SMU Academy now provide a comprehensive roadmap for anyone interested to enhance their data protection skills at the personal or professional level. This series of courses bring the DPO from basic foundation to a more comprehensive understanding, thus facilitating a multi-disciplinary approach and enabling the learner to be better prepared for international certification. This includes an advanced certificate in data protection operational excellence as well as data protection principles leading to an advanced diploma in data protection, the first in the region.

We have since expanded our course offerings to cover wider management skills in governance, risk and compliance management.


6. Crisis Communications and Data Breach Management

With the new mandatory requirements for organisations to report a data breach to the regulator, we have since launched a pioneer course called Crisis Communications and Data Breach Management with veteran media consultants, Jill Neubronner and Sharon Tong, to train both organisations and individuals. Based on what we observe, many organisations in Singapore are not ready to handle a data breach both from a data protection as well as a crisis communications perspective. Hence, we have incorporated a blended learning approach where participants get to use data protection management software as part of their hands-on assignment as well as participate in a role play involving a data breach where they are scrutinised by the media.


7. Continual learning and the need for providers to curate the necessary training that would enhance the knowledge and skill in Data Protection

As with many professions, practitioners have to upgrade to keep pace and industry leaders will have to continue to source for courses, methods of learning and application to the industry practitioners. Data protection certification will need to be supplemented with quality management (in data protection and GRC) to enable data protection professionals to be more effective in their field.

It is with this background in mind that Straits Interactive is partnering PECB to launch a self-study programme for ISO courses relating to information security, governance, risk and compliance management to the region. PECB is an international certification body which provides education and certification under ISO/IEC 17024 for individuals on a wide range of international standards and disciplines. It will start off with online offerings of the ISO courses in data protection and governance, risk and compliance (GRC) management.


8. Building a regional eco-system for Data Protection

The pandemic situation may have helped to catalyse the expansion of training capacity. Straits Interactive has turned to delivering courses online as well as providing a hybrid of both in-person and online webinar type training to educate professionals on the importance of data protection. With the digital delivery of courses, we are not constrained by physical room space and thus able to train more DPOs.

The backbone of the different Data Protection guidelines are based on principles that are common across jurisdictions, as such it makes sense for data protection professionals to have a common language and understanding of the laws and practices. The data protection profession can be a regional or international network where professionals can advance their know-how in keeping up with development in digitisation and data flow. It is to this vision that Straits Interactive is facilitating to achieve.


To conclude, as part of our effort to address the bandwidth for the growing demand for DPO skills, Straits Interactive has created the region’s largest network of data protection officers and professionals by launching the Data Protection Excellence (DPEX) Network in partnership with our current partners and certification bodies which include several ASEAN universities such as De La Salle University (The Philippines), National Institute of Development Administration (Thailand), International Islamic University Malaysia and Telekom University (Indonesia)

As the dominant player in data protection in the region, we hope to combine our training expertise with our advisory services, software technology, e-learning content, and data protection platform to offer a one-stop solution to both corporate and individuals, while helping to professionalise the industry.



Article contributed by:
Kevin Shepherdson (FIP, CIPM, CIPP/A, CIPP/E, CIPT, GRCP), Leong Wai Chong (CIPM, GRCP)



Become a DPEX Community member to access
data protection resouces and discussions on pertinent topics now.

Access online / in-person courses and view past training records

Join lively discussions on pertinent data protection topics

Gain access to data protection research and video resources

Receive value-added data protection updates from the region


  Related Articles
What is the learning roadmap for those who wish t…

Thinking about enhancing your data protection competencies?Data Protection / DP…


What is the academic certificate route for a DPO?

In our DPEX Network Community, we recognise there is a diverse base of learners…


How can I expedite my learning in data protection…

With the rapid evolution of technology and digitalisation, it is evident that w…