Page 9 - DICCS2223 25Feb2022
P. 9

 The Data Protection Trustmark
The Data Protection Trustmark (DPTM) is developed by The Personal Data Protection Commission (PDPC) and Info-Communications Media Development Authority (IMDA) to guide organizations in adhering to best practices and international benchmarks of the PDPA. Businesses can also refer to the DPTM certification checklist, focusing on 4 key principles:
Governance and Transparency
Adopting appropriate policies and best practices are required to ensure full transparency within the business hierarchy. This includes establishing a data breach management plan and appointing a Data Protection Officer (DPO). Accountability, Internal Communication and Training to all employees and stakeholders are also required as this will reduce any risk gap within the processes.
Care of Personal Data
With the spike in adoption of business digitalization, personal data might potentially be a digital crown jewel for businesses soon. Organizations should ensure proper implementation of security polices and measures to ensure personal data are protected. Other than implementing retention and disposal processes of personal data, the accuracy and the completeness of the collected records should be taken into consideration as well.
Management of Personal Data
Seemingly the core focus of this certification requirement, this principle covers the appropriateness of handling personal data. Organizations should ensure that the purpose of collecting personal data is clear in all circumstances. Notification should be implemented before collecting any personal data. Appropriate consent, use and disclosure are also crucial when it comes to personal data management as it might create potential operational risk, if left unmanaged.
 Individual’s Rights
The last principle requires organizations to provide withdrawal of consent of personal data collection. This includes the use or disclosure of individual’s personal data. It is also essential for organizations to provide access and correction rights to individuals. This will also improve the transparency between two parties, while maintaining the accuracy of the personal data collected.

   7   8   9   10   11