The National Privacy Commission (NPC) is finalizing its work on creating the Philippine Privacy Trustmark (PPT). This is in line with NPC’s endeavor to protect private and sensitive data and avoid data breaches. In my view, the PPT will to quite some extent follow Singapore’s trustmark which has been in existence for some time. The Singapore model as a guide would also make it possible that Singapore and the Philippines will drive an Asean trustmark eventually.
As Philippines based data processing companies will have to eventually get the local data privacy trustmark, it will make sense for companies to already familiarize themselves with the basics to the Singapore trustmark. I am therefore taking the liberty to highlight the Data Protection Trustmark (DPTM) Certification of Singapore. I am thankful for Straits Interactive to provide us with the detailed information.
And why is Straits Interactive discussing standards? Simply because they are seeing it appear more and more in tender specifications. In Singapore, the Information and Media Development Authority (IMDA) developed the DPTM certification as part of the country’s digital economy strategy to develop Singapore as a trusted hub for data sharing and transborder communication.
As regulators across the region move to validate certifications and best practices, those in data protection will need to constantly update their skillsets in order to remain relevant. There is no doubt that the Philippines wants to be seen as a trusted hub for data sharing and transborder communication also, as the Philippines already clearly indicated to the APEC Cross Border Protection Rules authorities.
Trustmark certifications demonstrate that you have the right processes in place, are compliant with data protection laws, and are dedicated to continuously improving business processes and establishing best practices. There is a good chance it will help determine whether a tender is won or lost, or whether a data protection authority trusts you or not.
Here are the details the three key reasons why organizations in Singapore should strive for IMDA’s Data Protection Trustmark:
Business opportunities
From a business perspective, the DPTM is increasingly mentioned in government tenders and contracts as a requirement to demonstrate accountability and compliance with Singapore’s Personal Data Protection Act (PDPA). This is aligned with Singapore’s efforts in building a digital economy and trusted data hub simultaneously.
Businesses that use DPTM when bidding for government tenders or business contracts stand out from the crowd because it shows external due diligence has been performed on their business operations. In fact, if the DPTM certification is a requirement, organizations may not even be able to enter the bidding round, which can in turn severely affect business viability.
As data protection laws continue to develop and with new ones being rapidly implemented, this is an essential evaluation consideration, especially for business activities involving cross-border transfers. In fact, China is the latest to have announced its own Personal Information Protection Law slated to go live in November 2021. While the convergence will likely take time, it is without a doubt that compliance with a framework administered by a national regulator would place organizations in a much more advantageous position when bidding for projects.
Credible review of the organization’s data protection capability
Aside from that, the DPTM is a good base to adopt for internal audit objectives. As part of the DPTM certification process, an external assessment body is appointed to review an organization’s data protection practices to ensure the organization fulfils the DPTM requirements by demonstrating with evidence that its data protection policies and processes are documented, implemented and practiced. It is expected that such an external assessment body would be appointed also in the Philippines once the trustmark rules are implemented.
Symbol of trust
Lastly, the DPTM is a good indicator and symbol of trust recognizable to regulators in instances of investigations, corporate clients for due diligence and auditing purposes and consumers to demonstrate the reliability of the organization.
In investigations by regulators i.e., the Personal Data Protection Commission (PDPC), the DPTM can potentially assist an organization to demonstrate that it has validated data protection management practices. This could facilitate the investigation and possibly empower an organization to apply for the expedited route.
For corporate clients, the DPTM is the most recognized third-party certification that helps to provide validation of an organization’s data protection practices. If your organization is a third-party vendor or a service provider, the DPTM positions you as a trusted vendor and would surely hasten the due diligence process. Surveys show that four in five companies would choose to partner with organizations that manage personal data appropriately.
Stay tuned for more upcoming trustmark content in the Philippines. If you want more information on the DPTM, I will gladly link you up with my friends and experts in Straits Interactive.
Feedback and requests for support can be directed to hjschumacher59@gmail.com