Data Protection-as-a-Service for SMEs (DPaaS@SMEs)

About

The DPaaS@SMEs Programme (DPaaS@SMEs) makes it easier for SMEs to outsource data protection functions and supports SMEs in strengthening their data protection capabilities. DPaaS@SMEs aims to provide SMEs with basic data protection practices to foster consumer trust and confidence to use data to maximise business value.

NOTE:

  • Signing up for DPaaS@SMEs does not signify that the SME will be fully compliant with the PDPA
  • SMEs who outsource their data protection functions will still be accountable for all data protection decisions and implementation by their DPaaS@SMEs Providers. The outsourcing service covers only the operational aspects of the data protection functions.

Scope

The DPaaS@SMEs Package covers both a one-time setup for basic data protection and annual retainer service.

Key components of the DPaaS@SMEs Package include:

  • Data Protection Management
  • Data Breach Management
  • Training and Communications

NOTE: DPaaS@SMEs Providers will NOT provide legal advice, opinions or other forms of legal services UNLESS they are law firms who meet legal professional requirements to advise on Singapore laws.


DPaaS@SMEs Package (One-time setup)
Data Protection ManagementData Breach ManagementTraining and Communications
  1. Appoint a DPO and business contact information is made available to the public

  2. Identify risks and gaps using PDPA Assessment Tool for Organisations (PATO)

  3. Develop a Data Protection (DP) Policy

  4. Embed data protection as part of corporate governance and establish a reporting structure for data protection matters

  5. Embed regular monitoring and reporting mechanisms within Enterprise Risk Management (ERM) Framework

  6. Document data assets and flows using a Data Inventory Map
  1. Establish a data breach management team

  2. Develop a complaint handling procedure

  3. Develop a 4-step action plan for data breach response (using C.A.R.E model)
  1. Develop a staff training and communications plan

  2. Mandate all staff to complete the PDPA E-Learning Programme

  3. Identify key personnel to attend the 2 PDPC courses if they do not possess any prior data protection certifications listed in the DPO Competency Framework and Training Roadmap
DPaaS@SMEs Package (Annual Retainer)
  • Carry out annual review of data protection policies.
  • Conduct a table-top exercise to test the data breach response plan.
  • Provide one refresher training for key employees on handling personal data.

Details can be found in the Data Protection Starter Kit Checklist (386.22KB).

List of Registered DPaaS@SMEs Providers

SMEs may approach any of the DPaaS@SMEs Providers registered with IMDA to find out about their pricing and data protection services. A listing of a DPaaS@SMEs Provider in this directory does not signify that the DPaaS@SMEs provider is in any way accredited, endorsed or certified by the IMDA. It also does not imply a referral or recommendation by the IMDA. Please exercise due care and judgement prior to engaging any of the DPaaS@SMEs Providers.

Any engagement of the DPaaS@SMEs Provider is strictly on a private basis between the DPaaS@SMEs Provider and yourself and the IMDA is not a party to such an engagement. You are therefore solely responsible for the private engagements that you may enter into with the DPaaS@SMEs Providers. If there is a disagreement arising from the engagement with the DPaaS@SMEs Provider, you may wish to seek independent legal advice.

We strongly encourage SMEs to check out the following: 

S/NEntity NameBusiness AddressContact Person
1Adsan Law LLC300 Beach Road #26-00 The Concourse S(199555) 

Name: Adrian Peh
Tel: 6828 2888
Email: adrianpeh@adsanlaw.com

2Allen & Overy LLP50 Collyer Quay #09-01 OUE Bayfront S(049321)

Name: Kwok Shuhui
Tel: 6671 6065
Email: shuhui.kwok@allenovery.com

3Amica Law LLC77 Robinson Road #22-01 Robinson 77 S(068896)Name: Anna Toh
Tel: 6303 6234
Email: anna.toh@amicalaw.com
4CTLC Law Corporation3 Raffles Place #06-01 Bharat Building S(048617)

Name: Serena Lee
Tel: 6325 2788
Email: serenalee@ctlclaw.com

5Deloitte & Touche Enterprise Risk Services Pte Ltd6 Shenton Way #33-00 OUE Downtown S(068809)

Name: Chung Cher Shen
Tel: 6932 5693
Email: cherchung@deloitte.com

6DSP ISO Consultants Pte Ltd 
11 Woodlands Close #08-20 Woodlands 11 S(737853)Name: Dinesh Balakrishnan
Tel: 92269011
Email: nesh@dspiso.com
7Ernst & Young Advisory Pte Ltd
1 Raffles Quay #18-00 S(048583)
Name: John Ho Chi
Tel: 9742 5050
Email: john.ho-chi@sg.ey.com
8Harry Elias Partnership LLP
4 Shenton Way #17-01 SGX Centre II S(068807)
Name: Lim Kian Kim
Tel: 94566191
Email: kklim@harryelias.com
9P2D Solutions Pte Ltd5C Queen Astrid Gardens S(266864)Name: Desmond Chow
Tel: 9228 3782
Email: desmond.chow@p2dsolutions.com.sg
10PDataCare Consultancy Pte Ltd111 North Bridge Rd #08-01 Peninsula Plaza S(179098)Name: Gn Chiang Soon
Tel: 9616 8660
Email: chiangsoon@pdatacare.com
11RSM Risk Advisory Pte Ltd8 Wilkie Road #03-08 Wilkie Edge S(228095)Name: Hoi Wai Khin
Tel: 9450 2678
Email: hoiwaikhin@rsmsingapore.sg
12Shared Services for Charities Limited15 Lorong 29 Geylang #08-01 PTH Building S(388069)Name: Yeo Lian Sim
Tel: 6339 2811
Email: liansim_yeo@sscharities.com
13Straits Interactive Pte Ltd43D Beach Road Evershine & Century Complex S(189681)Name: Lina Wong
Tel: 6602 8010 ext 14
Email: dpaas_sme@straitsinteractive.com

Contact

For queries, please email to info@imda.gov.sg or call 6377 3800.

Last updated on: 23 Oct 2020