11 August, 2018
Businesses based in Singapore are being encouraged to participate in a new data protection certification scheme being piloted in the country.
Under the initiative, businesses will be able to open up their data protection practices for scrutiny by third party assessors who could issue them with a 'data protection trustmark' (DPTM) validating that their practices are comply with Singapore's Personal Data Protection Act (PDPA), as well as international standards and industry best practices.
"This is a timely initiative given the increasing trend of cyber attacks and data leaks, and will give businesses a more tangible way of showing how they are investing more to protect consumer data," said data protection law expert Nathanael Lim of Pinsent Masons MPillay, the Singapore the Singapore joint law venture between MPillay and Pinsent Masons, the law firm behind Out-Law.com.
The pilot will run between August and November, according to the Infocomm Media Development Authority (IMDA), which, together with Singapore's Personal Data Protection Commission, is behind the initiative.
"The pilot certification phase is to help fine-tune the certification process and enable interested organisations to get on board the scheme and benefit from the certification as early adopters," the IMDA said. "Organisations that have put in place a data protection regime to comply and go beyond the obligations of the PDPA would be considered for the pilot programme."
Three assessment bodies have been appointed on a panel basis to consider applications for certification.
Those bodies are ISOCert, Setsco Services, and TUV SUD PSB.
The certification process will not be free. Participating businesses will have to pay a fee to the assessment bodies – the largest organisations will pay a fee of SIN$10,000 (£7,336). Certifications issued will last for three years, after which businesses will need to re-apply.
"A DPTM certification will help businesses increase their competitive advantage and build trust with their clients," the IMDA said. "The DPTM will be a visible indicator that an organisation adopts sound data protection practices."
Applications for participation in the pilot scheme can be submitted up to 30 September.
A system of data protection certification is envisaged under the EU's General Data Protection Regulation (GDPR). In the UK, the Information Commissioner's Office (ICO) has previously outlined its backing for 'privacy seals'.
This article was published in Out-law here.
For further information please contact:
Bryan Tan, Partner, Pinsent Masons MPillay
bryan.tan@pinsentmasons.com