Last updated: 13 March 2023

Published on: 23 July 2018


Eight early adopters to test robustness of data protection framework

Singapore - 25 July, 2018: The Infocomm Media Development Authority (IMDA) and Personal Data Protection Commission (PDPC) launched an open call for organisations to participate in a pilot for Singapore’s Data Protection Trustmark (DPTM) certification. The scheme aims to foster sound, transparent and accountable data protection practices among Singapore-based organisations and was developed in consultation with the industry.

The open call was announced by Minister for Communications and Information, Mr S Iswaran, at the 6th Personal Data Protection Seminar today. The pilot will help to finalise the DPTM framework and certification process, prior to the DPTM’s launch planned for end-2018.

Organisations certified under the DPTM scheme will be able to use and display a DPTM logo in their business communications for the duration of the certification, which is three years. The DPTM engenders trust and confidence among consumers as they will be able to immediately identify organisations that have in place data protection policies and practices that had been subject to independent assessment. This, in turn, provides a competitive advantage for these certified organisations.

"Businesses that can win their customers’ trust will be better able to thrive in today’s data-driven Digital Economy. Through Singapore’s Data Protection Trustmark, organisations can now visibly communicate the soundness of their data protection policies and practices to their customers and stakeholders. We are heartened to have a number of companies actively participating in the pilot programme and encourage the rest to come on board in the coming months," said Mr Tan Kiat How, Chief Executive Officer of IMDA and Commissioner of the PDPC.

Assessment Bodies, Certification Process and Pilot Organisations

Three independent Assessment Bodies have been appointed by IMDA for the DPTM certification scheme. They are ISOCert, Setsco Services and TUV SUD PSB. They will assess if applicants’ data protection practices are aligned to DPTM certification requirements, which has been developed by the PDPC, and assist in identifying gaps that organisations should address.

The DPTM is open to all organisations based in Singapore. Interested organisations must first apply to IMDA. Upon acceptance of application by IMDA, organisations may then select an Assessment Body to conduct their certification assessment. Assessment fees – payable to the Assessment Bodies – start from $1,400. The bodies will submit their independent assessment to IMDA for review and approval. If satisfied, IMDA will then issue the DPTM certification.

For a start, eight organisations will be undergoing the pilot programme to help fine-tune the certification controls and processes. The organisations are:

  • Carpe Diem @ ITE;
  • Chan Brothers Travel;
  • DBS Bank;
  • Fullerton Healthcare Group;
  • Fullerton Systems and Services;
  • RedMart;
  • Singapore Telecommunications Limited (Singtel); and
  • Tan Tock Seng Hospital Community Fund.

Organisations that are interested to be part of the pilot are welcome to sign up by 30 September 2018. All participating organisations in the pilot programme will go through the full certification process. The DPTM certification awarded to these pilot organisations is official and remains valid even after the end of the pilot.

Alignment with international standards

While the DPTM is a Singapore trustmark, it also incorporates relevant international data protection principles, including that of the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data; and the APEC Privacy Framework.

This enables organisations to, in the future, more seamlessly attain both the DPTM and the APEC Cross Border Privacy Rules (CBPR) or Privacy Recognition for Processors (PRP) system certifications. Organisations certified under the APEC CBPR or PRP systems will enjoy another mechanism to legitimately transfer data across borders with other certified organisations operating in participating APEC economies.

DPTM certification enhances trust

Data-driven frontier technologies, such as Big Data analytics and Artificial Intelligence, are transforming today’s digital landscape, such as by optimising organisations’ operations through better understanding their customers’ preferences. Consumer trust is essential if organisations wish to effectively deploy such innovative and data-driven technology that makes use of personal data to deliver more personalised services.

Four in five individuals recently surveyed by the PDPC1 agreed that organisations that collect, use and disclose personal data ought to have strong data protection policies and practices. Moreover, two-thirds of respondents favoured an organisation that demonstrates a sound data protection regime.

Organisations, too, recognised data protection as an important criterion when selecting a vendor to manage personal data on their behalf, with nearly 80% of industry representatives surveyed by the PDPC2 noting that a data protection certification would significantly enhance brand image and boost consumer confidence.

Related Resources
Annex A: Overview of certification requirements (269.06KB)
Annex B: Process Flow for DPTM Certification (209.33KB)

1The PDPC surveyed 1,500 consumer individuals from February to March 2018.

2The PDPC surveyed more than 1,500 representatives from various sectors from February to April 2018.


About Infocomm Media Development Authority (IMDA)

The Infocomm Media Development Authority (IMDA) leads Singapore’s digital transformation with infocomm media. To do this, IMDA will develop a dynamic digital economy and a cohesive digital society, driven by an exceptional infocomm media (ICM) ecosystem – by developing talent, strengthening business capabilities, and enhancing Singapore's ICM infrastructure. IMDA also regulates the telecommunications and media sectors to safeguard consumer interests while fostering a pro-business environment, and enhances Singapore’s data protection regime through the Personal Data Protection Commission.

For more news and information, visit or follow IMDA on Facebook IMDAsg and Twitter @IMDAsg.

About Personal Data Protection Commission

The PDPC administers the Personal Data Protection Act 2012 (PDPA) in Singapore, which aims to safeguard individuals’ personal data against misuse and promote proper management of personal data in organisations. The PDPA enhances Singapore’s competitiveness and strengthens our position as a trusted business hub, putting Singapore on par with the growing list of countries with data protection laws. For more information, please visit

For media queries, please contact:

Mr Eugene Neubronner
Manager, Communications and Marketing
Personal Data Protection Commission
c/o Info-communications Media Development Authority
DID: 6211 1182

Mr Chua Hian Hou
Deputy Director, Communications and Marketing
Personal Data Protection Commission
c/o Info-communications Media Development Authority
DID: 6202 4956

Explore more