The Data Protection Essentials (DPE) programme supports Small and Medium Enterprises (SMEs) in acquiring a basic level of data protection and security practices to protect their customers’ personal data and recover quickly in the event of a data breach.
Who is eligible?
1. A SME that:
a. is registered and operating in Singapore; and
b. has group annual sales turnover of not more than S$100 million per annum, or group employment size of not more than 200 employees.
2. A non-profit organisation (e.g. social service agency, charity, association) registered and operating in Singapore.
What does it entail?
Designed to be easy-to-implement, holistic and cost-effective, the DPE aims to support SMEs that are starting on their digitalisation journey and beginning to collect or use personal data as part of their business operations. The DPE has been customised to ensure business continuity, protect their customers’ personal data, and recover quickly from common cyber incidents.
The DPE helps SMEs put in place basic data protection and security practices, consisting of
|For SMEs that are newly incorporated, or collect and use personal data||For SMEs that collect and use personal data more intensively|
|SECURITY SOLUTIONS||ONE – STOP PROFESSIONAL SERVICE|
One-stop Professional Service
SMEs can build up basic data protection and security capabilities through a suite of professional service offered by service providers registered with IMDA:
- One-time setup service (inclusive of a 6-month review) covering the scope below; and
- 1-year retainer service consisting of bi-annual review and refresher on policies, incident management and data protection/cyber hygiene practices (include desktop simulation).
Templates for one-stop professional service can be found here (2.83MB).
Cost and list of professional service providers
The cost of professional service starts from $2,300 for one-time setup (inclusive of a 6-month review). The retainer service cost will be advised by the service providers. SMEs can approach the following service providers for a quotation to confirm the actual fee.
|DPE Service Provider||Contact Person||Contact No|
|CyberSafe Pte Ltd||Dave Gurbani||8725 firstname.lastname@example.org|
||Hoi Wai Khin
|TRS Forensics Pte Ltd||Tan Swee Wan||9755 email@example.com|
- SME should exercise its own due care and judgement in its selection of any provider.
- IMDA is not a party to the contract between your organisation and the provider.
- The provider is not an employee, worker, agent or partner of IMDA.
- IMDA does not provide any guarantee in respect of and is not responsible for any service provided by the provider or any contract entered into with the provider.
- Implementing the one-stop professional service does not signify that the SME will be fully compliant with the PDPA.
Grant support to eligible SMEs (1 April 2022 to 31 March 2023)
A fixed grant amount of $1,600 is available for eligible SMEs that
- Successfully completed the implementation of DPE one-stop professional service (one-time setup inclusive of a 6-month review); and
- Signed a minimum 1-year retainer service with the service provider.
To apply for the grant:
- Submit an online Grant Eligibility Declaration Form
- If eligible for the grant, engage DPE service provider to implement professional service
- Upon completion of one-stop professional service, submit claims to IMDA
The following entities do not qualify for this grant support:
Badge of recognition
Eligible SMEs that have implemented the one-stop professional service will be listed on IMDA’s website and awarded the DPE logo (terms and conditions apply (244.44KB)) as a recognition of their efforts to put basic data protection and security practices in place. In the event of a data breach under the Personal Data Protection Act (PDPA), the PDPC may consider an organisation’s implementation of the DPE as a mitigating factor.
For more details about DPE and the grant support, download the DPE information kit here (425.94KB).
Not sure how to start?
You can seek advice from CTO-as-a-Service for recommended DPE solutions and professional services.
You can also use CTO-as-a-Service to self-assess your digital readiness and access other supported solutions and resources to help you go digital, such as digital consultants for advisory and project management services.
Learn more at
What's next for SMEs?
SMEs can strive towards getting the Data Protection Trustmark (DPTM) certification as they increase usage of data, as part of their data protection journey. The DPTM would help SMEs that are looking to build their brand with a third-party validation of their data protection regime which strengthens customer trust and increases their competitive edge. For more information about the DPTM, visit www.imda.gov.sg/dptm.
For queries, please email to firstname.lastname@example.org or call 6377 3800.