The Data Protection Trustmark (DPTM) is a voluntary enterprise-wide certification for organisations to demonstrate accountable data protection practices. The DPTM will help businesses increase their competitive advantage and build trust with their customers and stakeholders.
The directory of DPTM-certified organisations can be found here (762.48KB).
Hear from these industry leaders - AIG Singapore, Alibaba Cloud Singapore, M1 and MaNaDr – on why it pays to have the DPTM.
What DPTM means to Consumers
As a consumer, you can rest assured that an organisation certified with the DPTM has put in place responsible data protection practices and will take better care of your personal data. Learn more about DPTM for Consumers here.
Who can apply?
Organisations that have put in place a data protection regime to comply with the obligations of the PDPA can apply for DPTM.
They should be either (1) formed or recognised under the laws of Singapore, or (2) resident, or having an office or a place of business, in Singapore, and in any case, not a public agency (as defined in the Personal Data Protection Act 2012).
Organisations should assess its readiness using the DPTM Certification Checklist (274.77KB) before applying.
Organisations with ISO/IEC 27001 and 27701 may find it easier to attain DPTM certification as they have demonstrated good information security and privacy information management standards.
Upon submission of the application, the Applicant Organisation is bound by the Terms of Agreement (571.68KB) of the DPTM scheme.
Application fee of S$535 (inclusive of GST) is payable to IMDA.
Assessment fee, payable to the Assessment Body, ranges and depends on the size of the organisation (e.g. annual sales turnover, no. of sites, etc) and the Assessment Body you engaged. Please approach the Assessment Bodies listed in this website for a quotation to confirm the actual fee.
To encourage organisations to take up more than one certification (i.e. DPTM, CBPR and PRP), one application fee of S$535 (inclusive of GST) is payable to IMDA when organisations apply for multiple certifications in a single application process.
The Assessment Body (AB) acts as an independent body to assess that an organisation’s data protection practices conform to the DPTM requirements. An organisation may select any of the following five ABs:
|Assessment Body||Contact Person||Contact No|
|BSI Group Singapore||Stella Kong||6270 0777||DPTM@bsigroup.com|
|EPI Certification Pte Ltd||May Cheow||8823 3347||
|ISOCert Pte Ltd||
Saju S Pillai
9475 5120 / 6659 0810
|Setsco Services Pte Ltd||Dixon Ng||9795 9875 / 6895 email@example.com|
|Laura Koh||6895 firstname.lastname@example.org|
|TUV SUD PSB Pte Ltd||Lau Boon Cheng||8383 8696||DP_Trustmark@tuv-sud-psb.sg|
DPTM Certification Requirements and Resources
The DPTM Certification Framework was developed based on adopting and aligning it with Singapore’s enhanced PDPA and incorporating elements of international benchmarks and best practices. Organisations that are interested to incorporate DPTM into their audit, certification, sectoral frameworks, etc can email Data_Protection_Certifications@imda.gov.sg for discussion.
- Overview of Certification Requirements (132.25KB) (updated 1 Feb 2021)
- DPTM Checklist for Organisations (274.77KB) (updated 1 Oct 2021 and incorporated PDPA amendments*)
*For more information about the enhanced PDPA, visit the PDPC website.
Eligible organisations can consider applying to Enterprise Singapore (ESG) or National Council of Social Services (NCSS) to seek support for some of the costs for DPTM certification and consultancy services. Details on the criteria and application process can be found below:
Interested organisations may refer to this Quick Guide on Enterprise Development Grant Application (222.17KB).
#To help companies during this COVID-19 situation, the maximum support level has been raised from 70% to 80% till 31 March 2022.
Professional Consultancy Services:
Organisations can refer to the List of Data Protection Service Providers if they wish to engage professional consultancy services to prepare them for the DPTM certification.
Added Benefit For Certified Organisations
DPTM-certified organisations that apply for cyber insurance can enjoy faster application processing and competitive offers. QBE Insurance Singapore, Delta Insurance, Pandamatics Underwriting, and Beazley have recognised DPTM in their cyber insurance underwriting process, as the certification assures insurers that an applicant has sound and responsible data protection practices in place.
Please contact the participating cyber insurers to find out more.
|S/N||Cyber Insurer||Cyber Insurance Products|
|1||QBE Insurance (Singapore) Pte. Ltd.||Cyber and Data Security (Auto-bind) Policy|
|2||Delta Insurance Singapore Private Limited||Delta Cyber Liability Insurance Policy|
|3||Pandamatics Underwriting||Bamboo Shoot|
|4||Beazley Syndicates at Lloyd’s||Beazley’s InfoSec 2.0|