Data Protection Certifications

Appointed by Infocomm Media Development Authority (IMDA) as an assessment body for Data Protection Certifications, TÜV SÜD PSB can support organisations in assessing your data protection practices, following approval of application by IMDA.

WHAT ARE THE IMDA DATA PROTECTION CERTIFICATIONS?

As personal data protection and privacy become increasingly important and a key concern for consumers, it is vital for organisations that handle and store personal data to have robust data protection practices in place to safeguard such information.

To support organisations in managing & protecting their customers’ data responsibly, IMDA has developed the following Data Protection Certifications to verify their conformance to personal data protection standards and best practices:

DATA PROTECTION TRUSTMARK (DPTM) CERTIFICATION

Developed based on Singapore’s Personal Data Protection Act (PDPA) and international best practices, the IMDA DPTM certification allows organisations to demonstrate accountable data protection practices.

BENEFITS OF DATA PROTECTION TRUSTMARK CERTIFICATION

Increase business competitiveness – by strengthening your reputation, building trust and confidence in your brand that you have robust data protection policies to safeguard customers’ personal data
Provide assurance to your organisation – with a third-party certification that helps to validate your data protection regime, allowing you to identify potential weaknesses and take steps to mitigate risks

APEC CROSS BORDER PRIVACY RULES (CBPR) & PRIVACY RECOGNITION FOR PROCESSORS (PRP) SYSTEM CERTIFICATIONS

By certifying privacy practices to the CBPR and PRP Systems, businesses can demonstrate their adherence to the Asia-Pacific Economic Cooperation (APEC) Privacy framework and facilitate seamless international data transfer while ensuring privacy and security.

ABOUT APEC CBPR CERTIFICATION
Endorsed by APEC for facilitation of personal data among APEC economies, the Cross Border Privacy Rules (CBPR) system is applicable for organisations (data controllers) that control the collection, holding, processing, or use of personal data.

The CBPR certification is based on 9 privacy principles from the APEC Privacy Framework:
- Accountability
- Prevent Harm
- Notice
- Choice
- Collection Limitation
- Use of Personal Information
- Integrity of Personal Information
- Security Safeguards
- Access and Correction
ABOUT APEC PRP CERTIFICATION
The Privacy Recognition for Processors (PRP) system is designed for organisations (data processors) that process data on behalf of client organisations (data controllers), allowing them to demonstrate their compliance with relevant privacy obligations.

The PRP certification is based on 2 privacy principles from the APEC Privacy Framework:
- Accountability
- Security Safeguards
BENEFITS OF CBPR & PRP CERTIFICATIONS
- Reduce cost and time – with a single, consistent set of privacy standards that facilitate exchange personal data across APEC member economies
- Build trust and confidence – by showing your commitment to data protection with business counterparts and customers
- Provide assurance through third-party certification – that allows your organisation to validate its data protection standards
- Demonstrate data protection compliance – to data protection enforcement authorities

TÜV SÜD HELPS YOU TO BOOST CUSTOMER CONFIDENCE IN YOUR ORGANISATION’S DATA PROTECTION POLICIES

As an assessment body appointed by IMDA, TÜV SÜD PSB can support organisations in assessing if their data protection practices are aligned to DPTM requirements & consistent with the APEC Privacy Framework.

As a leading and internationally recognised Testing, Inspection and Certification (TIC) organisation with over 40 years of experience in certification and well-versed in both PDPA and General Data Protection Regulation (GDPR), we help businesses like yours to validate and strengthen your data protection framework.

With data protection certifications, your business gains trust and fosters confidence among your customers and stakeholders by showing that you have adopted robust and accountable data protection practices.

DATA PROTECTION CERTIFICATION PROCESS WITH TÜV SÜD

If you are interested to apply for DPTM, CBPR and/or PRP certifications, you may fill in the form on this page and we will be in contact with you shortly to facilitate the process.

Below is an overview of the application process to be assessed by TÜV SÜD PSB:

STEP 1: APPLICATION
- For DPTM: Apply online with IMDA here & make payment for Application Fee
- For CBPR and/or PRP: Apply online with IMDA here and make payment for the Application Fee
STEP 2: SELECTION OF ASSESSMENT BODY
- IMDA will inform you on whether the application has been accepted or rejected.
- If accepted, you will receive the Self-Assessment Form from IMDA.
- Select TÜV SÜD PSB to conduct a data protection assessment of your organisation’s relevant data protection policies and practices.
STEP 3: ASSESSMENT WITH TÜV SÜD
- Documentation review
- On-site assessment
- Remediation (if required)
- Completion of assessment
- Assessment report to be submitted to IMDA by TÜV SÜD
STEP 4: CERTIFICATION
Eligible organisations will be awarded the relevant data protection certification by IMDA.
- DPTM certificate: Valid for 3 years – Organisations should apply for the re-certification at least 6 months from the date of expiry of the certification.
- CBPR and/or PRP certificate: Valid for 1 year – Organisations should apply for the re-certification at least 3 months from the date of expiry of the certification.

Application fee waiver & Grant available for eligible organisations

Application fee waiver of S$535 (inclusive of GST) available for:
- SMEs applying for CBPR / PRP certifications
- SMEs applying for CBPR / PRP and DPTM certifications in a single application process (Application fee waiver is not applicable if organisations apply for DPTM only)
Enterprise Development Grant (EDG) of up to 80% available till 31 Mar 2022:
- Enterprise Singapore has raised the maximum support level to 80% for eligible organisations applying for EDG until 31 Mar 2022
- Applicable for all data protection certifications – DPTM, CBPR and PRP certifications

For more information on the application fee waiver and EDG, please visit the IMDA website here.

What our client say about data protection certifications

Evon Lim, Head of Risk and Compliance, Synergy Financial Advisers Pte Ltd

As a licensed financial adviser, SYNERGY treats the provision of quality financial planning services and data protection of stakeholders as our key priorities. Therefore, upon knowing that IMDA certifies companies for their successful efforts to comply with the PDPA obligations, the management decided to go for it to ascertain the efficiency and effectiveness of our controls and systems established to safeguard personal data.

The DPTM certification not only strengthens the confidence and trust of SYNERGY’s stakeholders, it also serves as an endorsement that SYNERGY takes pride in what we do and helps to reinforce our established brand as a trusted and reliable company.

The DPTM certification process has been pleasantly smooth, and TÜV SÜD’s representatives always respond promptly.

We are impressed with TÜV SÜD’s helpful assessor, Jerald Herrera, who is really knowledgeable and has provided us with great support. We would definitely recommend TÜV SÜD for their services.

CONTACT TÜV SÜD IN SINGAPORE FOR MORE DETAILS

If you have any questions about the Data Protection certifications or available grants and subsidies, you can contact TÜV SÜD PSB by filling up the form on this page.

(Source: IMDA)