Obtaining the Data Protection Trustmark – What Does it Say About Your Organisation?


The Info-comm Media Development Authority of Singapore or IMDA launched the Data Protection Trustmark (DPTM) to strengthen and improve the level of standard data protection practices in Singapore. 

Nowadays, organisations can also apply for the DPTM if they want to sharpen their current data protection policies and practices qualifications. Attaining the DPTM will serve as a testament of the organisation’s reliable data protection practices.

DPTM Objectives

The IMDA  rolled out DPTM with  the following objectives in mind:

  1. So organisations could demonstrate accountable and sound data protection practices.
  2. To promote and enhance consistency in data protection standards across all sectors.
  3. To provide certified businesses with a competitive advantage.
  4. To boost the confidence of consumers in the organisations’ management of their personal data.

For Data Protection Officers (DPOs), there are three primary reasons why organisations/businesses should pursue DPTM for their organisation:

  1. To set the right standard when preparing for a regional compliance programme.
  2. To serve as a competitive advantage in tender considerations.
  3. To aim for a high level of data protection excellence as a dependable organisation.

DPTM: Badge for Accountable and Responsible Data Protection Practices

The DPTM is an enterprise-wide certification that’s designed to gauge the processes, policies, and practices within the organisation. The DPTM was also designed based on the Personal Data Protection Act. It also integrates the best elements and practices of international benchmarks.

The DPTM also functions as a public-facing badge. In other words, DPTM-certified companies and organisations can prove they have sound and effective data protection practices in place. Understandably, organisations with the DPTM will have a competitive  business advantage.

A 2019 Perception and Awareness survey conducted by PDPC revealed that two in three consumers often prefer buying from DPTM-certified businesses. Not only that, four in five firms also prefer doing business with a company or organisation that is DPTM-certified.

Also, a third party certification like the DPTM provides internal assurance in the organisation as it can help uncover any data protection practices that need improvement. 

Achieving the DPTM: What It Will Take

The DPTM self-assessment is based on the following principles:

  • Governance and Transparency
  • Management of Personal Data
  • Care of Personal Data
  • Individuals’ Rights

For organisations that are new to Data Protection and have yet to create a baseline in relation to the PDPA, they can get in touch with the PDPC’s List of Data Protection Service Providers for help with DPTM readiness.

The final assessment and awarding of the DPTM is conducted by the Assessment Body  (AB) appointed. The Assessment Body will also function as an independent body that will assess if the data protection practices of the organisation conforms to the DPTM requirements.

At times, organisations and businesses are hesitant to obtain the DPTM certification, believing that if a breach happens after they have been certified, their efforts will be nullified. Fortunately, the opposite is true. The DPTM will be considered a mitigating factor by the PDPC.

How Organisations Can Apply for DPTM

Application is done online. You just need to prepare your Entity Profile and follow the instructions when it comes to submitting required documents. The organisation will also be given a self-assessment form to complete. From there, they can approach any IMDA-appointed Assessment Bodies to get a quotation of the assessment fees.

Once the AB has been appointed, the AB will be the one to arrange for an on-site verification for the organisation. The organisation is also given the opportunity to do remediation work. They are given two months to rectify any non-compliance items.