New framework for data protection officers and certifications for international data flows

Hariz Baharudin
Indonesia Correspondent
Updated
Jul 17, 2019, 05:54 PM
Published
Jul 17, 2019, 02:40 PM

SINGAPORE - A new framework and training plan for data protection officers (DPOs) has been developed by Singapore's privacy watchdog to clarify their roles and develop their capabilities, in a bid to ensure companies better protect and use data.

In a related move, companies based here can now apply for a pair of internationally-recognised data protection certifications that will allow them to seamlessly share data and do business faster with countries like Japan, the United States and Mexico, while being assured that their data would be protected.

The DPO Competency Framework and Training Roadmap, developed by the Personal Data Protection Commission (PDPC) in consultation with industry partners , spells out the expected roles and responsibilities at each of the three stages of a DPO's career - the data protection executive, DPO and regional DPO.

The PDPC said these stages will require various levels of competency for skills like data protection management, data breach management and ethics as well as design thinking.

The road map will help them identify the courses they need to take to move up a level of proficiency.

Announcing the framework on Wednesday (July 17) at the Personal Data Protection Seminar, Minister for Communications and Information S. Iswaran said: "The right data protection team under an able DPO can be an effective component of a company's management and support the efforts to build consumer trust and support businesses growth."

PDPC said that the commission, together with the National Trades Union Congress (NTUC), Employment and Employability Institute (e2i) and NTUC LearningHub, will be launching a 12-month pilot programme to use the framework to train DPOs.

These data protection-related courses will be available from the fourth quarter of this year and are expected to benefit at least 500 DPOs in the first year. According to the PDPC, there are currently 20,000 DPOs registered with it.

Assistant secretary-general of NTUC Patrick Tay said: "Leveraging Singapore's brand of trust, data protection can potentially be one of the key areas where Singapore and Singaporeans can set local and global standards. Complementing this with the DPO competency framework, this will help provide new career opportunities and career progression pathways for our workers."

More On This Topic
Public sector rolls out measures to ensure safety of personal data
New guidelines to help companies share data in trusted, responsible way
Law firm fined $8,000 for data protection breaches

The PDPC is also currently working with other training partners like the Institute of Singapore Chartered Accountants, National University of Singapore Law Academy, Singapore Management University Academy and Singapore Polytechnic.

Mr Iswaran also announced that companies based here can now be certified with two data-related certification standards from the Asia-Pacific Economic Cooperation, an economic group of 21 countries formed in 1989 with the goal of promoting international free trade and sustainable development.

Applications for the Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) Systems certifications are now open, and companies can apply to the Infocomm Media Development Authority which is accountable for these certifications.

With the CBPR and PRP Systems, companies will be certified to have a high-standard commitment to data protection to business counterparts and customers and reduce cost and time when doing business abroad, as they will only have to deal with a single and consistent set of data protection standards.

As the accountability agent, the IMDA will ensure that a company's process complies with the CBPR and PRP Systems' expectations through independent third-party assessors before certifying them.

The certification is valid for one year and will involve two fees: a $535 application fee payable to the IMDA and the assessment fees payable to the third-party assessment body, which will range from $1,000 to $8,000.

The IMDA will waive the application fee of $535 for SMEs until June 30 next year, and said that Enterprise Singapore offers support to eligible organisations to defray costs for the assessment fee and consulting services.

It added that these forms of certification will complement the IMDA's own Data Protection Trustmark certification, which was announced in 2017 and seeks to give entities a competitive advantage by allowing consumers to identify organisations that have in place independently assessed data protection policies and practices.

Said Mr Iswaran: "It is only through strengthening our capabilities and forming trusted connections that we can adapt and thrive in the data-driven digital economy.

"We need more consumers and organisations to embark on this journey and help them understand the importance of data protection, how it can be used responsibly, and contribute significantly to innovation."

Join ST's Telegram channel and get the latest breaking news delivered to you.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top