Organisations are collecting and processing more personal data, whether to aid in making business decisions, predict consumer behaviour or simply as part of work processes. With a great amount of data also comes a greater risk of a data breach. Personal data breaches, no matter the scale, can cause considerable damage to organisations, in the form of loss of resources, time and reputation.
In that regard, the old adage of ‘Prevention is better than cure’ rings truest for data protection practices. Since the Personal Data Protection Act (PDPA) was implemented in 2012, companies in Singapore have had to ensure that they have strong personal data protection policies and practices in place. Besides giving customers the confidence that their data is well managed and secure, practising good data management can help organisations increase business efficiency and effectiveness, and protect and even enhance a company’s public image, strengthening the organisation’s competitiveness within the industry.
Some measures organisations can take to boost their data protection standards include:
- Developing an effective Data Protection Management Programme that includes clear policies aligned to the PDPA, and communicating this clearly to internal and external stakeholders.
- Having a Data Breach Management Plan in place so your employees know what to do when a data breach occurs. This plan should contain clear SOPs on how to report and respond to a data breach.
- Ensuring that detailed contractual agreements clearly list the data protection obligations between yourself and your vendors, and having operational procedures in place, such as audits, to ensure that both the company and its vendors carry out the necessary steps to protect personal data.
For more resources, visit the Personal Data Protection Commission (PDPC) website.
Data Protection Trustmark – A Badge for Accountable & Responsible Data Protection Practices
Another way that companies can demonstrate that they have good data protection practices in place is by attaining the Data Protection Trustmark (DPTM) certification.
The DPTM, administered by the Infocomm Media Development Authority (IMDA), is an enterprise-wide certification that assesses a company’s data protection policies, processes and practices. The DPTM was developed based on the Personal Data Protection Act (PDPA), and incorporates elements of international benchmarks and best practices. It serves as a public-facing badge for certified companies to show that they have sound data protection standards in place.
In attaining the DPTM, organisations can gain a competitive business advantage. PDPC’s Perception & Awareness Survey 2019 indicated that two in three consumers preferred purchasing from a DPTM-certified company, while four in five companies indicated that they preferred to do business with DPTM-certified companies. With the heightened awareness of personal data protection among consumers and businesses, obtaining the DPTM shows consumers that your organisation has a robust data protection regime in place to safeguard their personal data. The DPTM not only strengthens your company’s reputation, it fosters consumer trust and confidence in your business, providing your organisation a competitive advantage.
A third-party certification like the DPTM also provides internal assurance within the organisation by validating current processes and uncovering potential weaknesses in your organisation’s data protection practices. By acting on the recommendations received following the assessment, organisations can better enjoy peace of mind that things are in order.
Some important areas that the DPTM looks into include the proper documentation of your data protection practices, asking questions such as:
- Does your company have policies and practices in place to manage personal data, and are they communicated clearly to your stakeholders?
- Does your company have in place a process to conduct risk and impact assessments to identify, assess and address data protection risks?
- Does your company have a data breach management plan that addresses, e.g., the personnel involved in managing the data breach incident, the timeline for reporting data breach incidents, and the communications plan?
- Does your company have appropriate security measures in place to prevent unauthorised access, collection and use of personal data in its possession or control?
You may assess your readiness for the DPTM certification by using the IMDA DPTM Certification Checklist.
Good Data Management a Must-Have for All Businesses
As individuals become increasingly aware of their personal data protection rights, and with data breaches continuing to happen, there will be a growing demand for businesses to be accountable and to show that they have robust data protection standards in place when managing personal data.
It is imperative that organisations recognise that being accountable in managing personal data is not simply a matter of compliance, but a good business strategy that will strengthen their brand reputation and help them build consumer trust.
To find out more about the Data Protection Trustmark, and its related subsidies and grants, visit https://www.imda.gov.sg/dptm
This article was jointly contributed by IMDA and PDPC.