Data Protection Essentials


The Data Protection Essentials (DPE) programme supports Small and Medium Enterprises (SMEs) in acquiring a basic level of data protection and security practices to protect their customers’ personal data and recover quickly in the event of a data breach.

Who is eligible?

1. An SME that:

a. is registered and operating in Singapore; and
b. has group annual sales turnover of not more than S$100 million per annum, or group employment size of not more than 200 employees.

2. A non-profit organisation (e.g. social service agency, charity, association) registered and operating in Singapore.

What does it entail?

Designed to be easy to implement, holistic and cost-effective, the DPE aims to support SMEs that are starting on their digitalisation journey and beginning to collect or use personal data as part of their business operations. The DPE has been customised to help SMEs ensure business continuity, protect their customers’ personal data, and recover quickly from common cyber incidents.

The DPE helps SMEs put in place basic data protection and security practices, consisting of:

For SMEs that are newly incorporated, or collect and use personal data:

  • Encryption and backup solutions through Start Digital Pack (under Cybersecurity category)
    • Start Digital programme is currently undergoing an update and will be available shortly. For interest or queries, please email us at and we will follow up with you as soon as possible.
  • SMEs can follow this guide (2.23MB) to configure Microsoft 365 and Google Workspace to minimise common data breach issues

For SMEs that collect and use personal data more intensively:

  • One-time setup service on:
    • Accountability
    • Basic data security practices
    • Incident management
    • Communications & training
    • 6-month review (desktop and phishing exercise)
  • 1-year retainer service (commences after completion of one-time setup service)

One-stop Professional Service


SMEs can build up basic data protection and security capabilities through a suite of professional services offered by service providers registered with IMDA:

  1. One-time setup service (inclusive of a 6-month review) covering the scope below; and
  2. 1-year retainer service consisting of bi-annual review and refresher on policies, incident management and data protection/cyber hygiene practices (including desktop simulation).

[Figure: DPE scope]

Templates for one-stop professional service can be found here (2.83MB).

Cost and list of professional service providers

The cost of professional service starts from $2,300 for one-time setup (inclusive of a 6-month review). The retainer service cost will be advised by the service providers. SMEs can approach the following service providers for a quotation to confirm the actual fee.

| DPE Service Provider | Contact Person | Contact No | Email |
| --- | --- | --- | --- |
| CyberSafe Pte Ltd | Dave Gurbani | 8725 9789 | |
| RSM Singapore | Hoi Wai Khin | 9450 2678 | |
| TRS Forensics Pte Ltd | Tan Swee Wan | 9755 7010 | |

Please note:

  • The SME should exercise its own due care and judgement in its selection of any provider.
  • IMDA is not a party to the contract between your organisation and the provider.
  • The provider is not an employee, worker, agent or partner of IMDA.
  • IMDA does not provide any guarantee in respect of and is not responsible for any service provided by the provider or any contract entered into with the provider.
  • Implementing the one-stop professional service does not signify that the SME will be fully compliant with the PDPA.

Grant support to eligible SMEs (1 April 2022 to 31 March 2023)

A fixed grant amount of $1,600 is available for eligible SMEs that have:

  • Successfully completed the implementation of DPE one-stop professional service (one-time setup inclusive of a 6-month review); and
  • Signed a minimum 1-year retainer service with the service provider.

To apply for the grant:

  1. Submit an online Grant Eligibility Declaration Form
  2. If eligible for the grant, engage a DPE service provider to implement the professional service
  3. Upon completion of the one-stop professional service, submit claims to IMDA


The following entities do not qualify for this grant support:

  • Non-profit organisations (NPOs) including social service agencies (SSAs), charities and associations
    • Eligible SSAs and charities can consider applying to the National Council of Social Service’s (NCSS) Tech-And-GO! Initiative for funding support.
  • Religious entities
  • Government agencies and subsidiaries

Badge of recognition

Eligible SMEs that have implemented the one-stop professional service will be listed on IMDA’s website and awarded the DPE logo (terms and conditions apply (244.44KB)) as a recognition of their efforts to put basic data protection and security practices in place. In the event of a data breach under the Personal Data Protection Act (PDPA), the PDPC may consider an organisation’s implementation of the DPE as a mitigating factor.

For more details about DPE and the grant support, download the DPE information kit here (425.94KB).

Not sure how to start?

You can seek advice from CTO-as-a-Service for recommended DPE solutions and professional services.


You can also use CTO-as-a-Service to self-assess your digital readiness and access other supported solutions and resources to help you go digital, such as digital consultants for advisory and project management services.


Learn more at  

What's next for SMEs?

SMEs can strive towards getting the Data Protection Trustmark (DPTM) certification as they increase usage of data, as part of their data protection journey. The DPTM would help SMEs that are looking to build their brand with a third-party validation of their data protection regime which strengthens customer trust and increases their competitive edge. For more information about the DPTM, visit


For queries, please email to or call 6377 3800.

Last updated on: 12 Aug 2022