What’s the Difference Between Data Protection Trustmark and ISO 27701?
To help improve the standard of data protection practices within organisations in Singapore, the Infocomm Media Development Authority (IMDA) of Singapore launched the Data Protection Trustmark Certification (DPTM).
Today, organisations can apply for the DPTM if they want to strengthen their current data protection policies and practices. Attaining the DPTM serves as a positive testament to the organisation's data protection practices.
The DPTM was rolled out with the following objectives in mind:
- To let organisations demonstrate accountable and sound data protection practices
- To promote and enhance data protection standards across all sectors
- To provide a competitive advantage for businesses that are certified
- To boost consumer confidence in the organisations' management of personal data
Who Can Apply for DPTM
Interested organisations that are incorporated or recognised under the laws of Singapore, or that are resident in Singapore with a place of business there, can apply for the DPTM. This includes organisations that have previously been found to have breached the PDPA or that are currently being investigated by the PDPC.
Such parties can apply for the DPTM provided that they comply with specific conditions, such as making an official declaration of all investigations or breaches within the two years prior to the date of the DPTM application. Application for the DPTM is done online.
What It Takes to Achieve the DPTM
The DPTM self-assessment is based on the following principles:
- Governance and Transparency
- Management of Personal Data
- Care of Personal Data
- Individuals’ Rights
If an organisation is new to data protection and has yet to establish a baseline in relation to the Personal Data Protection Act (PDPA), it can engage a provider from the PDPC's list of Data Protection Service Providers for assistance in preparing for DPTM readiness.
Once the preparation is complete, the final assessment for the award of the DPTM is carried out by an appointed Assessment Body (AB). The Assessment Body acts as an independent party that assesses the data protection practices of the organisation.
ISO/IEC 27701 in a Nutshell
ISO/IEC 27701 is a global standard published by the International Organization for Standardization (ISO). It is designed to give organisations guidance on establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS). It is considered a supplement to ISO/IEC 27001 and ISO/IEC 27002 for privacy management.
Benefits of the ISO/IEC 27701 Certification
With data protection laws like the EU GDPR, organisations now need to comply with various regulations and laws around the world. While security is about controlling unauthorised access to information, privacy is about governing the authorised use of personal data.
To satisfy both, organisations need to reconcile the use of, confidentiality of, and access to personally identifiable information. ISO/IEC 27701 provides organisations with a universally accepted global framework that helps them navigate the intricate and varying regulations of different jurisdictions.
Notable advantages of implementing the ISO/IEC 27701:
- Builds trust within the organisation. It also minimises risk to the privacy rights of data subjects and allows for better management of privacy controls.
- Enhances protection against breaches. Organisations can significantly reduce security incidents and the impact they have on the organisation, which also helps prevent harm to the company's reputation.
- Provides transparency to customers and stakeholders. With transparency comes enhanced customer confidence and trust.
- Gives organisations a competitive advantage. It can also help address the varying expectations of customers and other interested parties.
- Facilitates partnerships with other businesses where the organisation's conformity to international standards is recognised.
- Integrates easily with leading information security management system standards.