Be aware of scammers impersonating as IMDA officers and report any suspicious calls to the police. Please note that IMDA officers will never call you nor request for your personal information. For scam-related advice, please call the Anti-Scam helpline at 1800-722-6688 or go to

Data Protection Essentials

About the Data Protection Essentials (DPE) Programme

The Data Protection Essentials (DPE) logo

The Data Protection Essentials (DPE) programme is a key initiative in promoting cyber security in Singapore and supports Small and Medium Enterprises (SMEs*) in acquiring a basic level of data protection and security practices to protect their customers’ personal data and recover quickly in the event of a data breach.

* SMEs are businesses (a) registered and operating in Singapore; and (b) have group annual sales turnover of not more than S$100 million per annum, or group employment size of not more than 200 employees.

What does it entail?

DPE consists of 2 products which SMEs can use to manage data protection risks:

Newly incorporated SMEs SMEs that collect and use personal data more intensively

Foundational security solutions

Holistic one-stop professional service

  • One-time setup service on:
    • Accountability practices
    • Basic data security practices
    • Incident management
    • Training 
    • 6-month review (desktop and phishing exercise)
  • 1-year retainer service (commences after completion of one-time setup service)
Refer to the DPE Checklist (2.83MB) for more details on the service scope and resource templates.

Benefits of implementing one-stop professional service

An icon representing the SMEs who are awarded the DPE logo, featuring a circular zigzag badge with a tick mark inside

SMEs who successfully implemented the holistic one-stop professional service and signed a minimum 1-year retainer will be Listed on IMDA’s website (197.61KB) and awarded the DPE logo (terms and conditions apply (244.44KB)) as a recognition of their efforts to put in place basic data protection standard.

An icon of a scale, representing the use of the DPE programme as a mitigating factor in the event of a data breach

In the event of a data breach, the PDPC may consider a SME’s implementation of the DPE as a mitigating factor.

Sign up now!

Security solution

SMEs can sign up for the foundational encryption and backup solutions (under Cybersecurity category) through the following Start Digital partners:

Partners Solutions
Singtel Business Protect Basic + Acronis Cloud Back Up

One-stop professional service

The cost of professional service to implement basic data protection standard starts from $2,500 for one-time setup. The retainer service cost will be advised by the service providers. SMEs can sign up with the following service providers.

Non-profit organisation (NPO, e.g. social service agency, charity, association) registered and operating in Singapore are welcomed to adopt.

DPE service providers* Contact person Contact no Email
CyberSafe Pte Ltd
Dave Gurbani 8725 9789
Greenwich Management Consultancy Pte Ltd
Michelle Chew 9876 6828
Momentum Z Pte Ltd Shane Chiang 9681 2888
PDataCare Consultancy Pte Ltd
Gn Chiang Soon 9616 8660
RSM Singapore
Hoi Wai Khin 9450 2678
TRS Forensics Pte Ltd Renee Tan 9297 1316

*Please note:

  • SME should exercise its own due care and judgement in its selection of any provider.
  • IMDA is not a party to the contract between your organisation and the provider.
  • The provider is not an employee, worker, agent or partner of IMDA.
  • IMDA does not provide any guarantee in respect of and is not responsible for any service provided by the provider or any contract entered into with the provider.
  • Implementing the one-stop professional service does not signify that the SME will be fully compliant with the PDPA.

For information on how to be a DPE Service Provider, please email to 

IMDA Grants

A fixed grant amount of $1,600 from IMDA is available for eligible SMEs that successfully implemented the DPE one-stop professional service. 

Follow these steps to apply for grant before it ends on 31 March 2024. Conditions of grant apply.

An infographic showing the application steps for IMDA Grant

Go to CTOaas webpage to APPLY NOW 

Download the DPE information kit (432.40KB) for more details on DPE programme and the grants/claims process.


The following entities do not qualify for this grant support:

  • Non-profit organisations (NPOs) including social service agencies (SSAs), charities and associations
    • Eligible SSAs and charities can consider applying to the National Council of Social Service’s (NCSS) Tech-And-GO! Initiative for funding support.

Embark on your digitalisation journey with expert guidance from IMDA in Singapore

You can seek advice from CTO-as-a-Service for recommended DPE solutions and professional services.


You can also use CTO-as-a-Service to self-assess your digital readiness and access other supported solutions and resources to help you go digital, such as digital consultants for advisory and project management services.


Learn more at  IMDA's CTO-as-a-Service logo

What's next for SMEs?

SMEs can strive towards getting the Data Protection Trustmark (DPTM) certification as part of their data protection journey. As they increase their usage of data, data protection security becomes more critical than ever. The DPTM would help SMEs that are looking to build their brand with a third-party validation of their data protection regime which strengthens customer trust and increases their competitive edge. For more information about the DPTM, visit

Contact us

For queries, please email or call 6377 3800.


Explore more