Singapore launches new framework for data protection officers to improve data security in Singapore

The Data Protection Officer Competency Framework and Training Roadmap is said to better support organisations in the hiring and training of data protection officers based on identified competencies and proficiency levels.

The Personal Data Protection Commission (PDPC) will be rolling out two fresh initiatives aimed at advancing Singapore’s digital economy while developing the country as a regional hub for data protection and data innovation training.

On Wednesday (July 17), the PDPC – which is Singapore’s privacy watchdog – announced a new training plan that will lay out core competencies and proficiency levels required from Data Protection Officers (DPOs).

“The role of DPOs is central within organisations and skilled DPOs are crucial to supporting the responsible use of data and to drive data innovation,” the PDPC said.

The DPO Competency Framework and Training Roadmap, developed by the authority with input from industry experts, will serve as a resource to better support organisations in the hiring and training of DPOs based on identified competencies – including data protection and innovation – and proficiency levels.

The PDPC also said it will be collaborating with the National Trades Union Congress (NTUC), Employment and Employability Institute (e2i) and NTUC LearningHub to launch a year-long pilot programme using the framework to train DPOs.

It noted that the courses will be available in the fourth-quarter of 2019 and is expected to benefit at least 500 DPOs in the first year.

NTUC’s assistant secretary-general, Patrick Tay, said: “Leveraging Singapore’s brand of trust, data protection can potentially be one of the key areas where Singapore and Singaporeans can set local and global standards.”

“Complementing this with the DPO competency framework, this will help provide new career opportunities and career progression pathways for our workers,” he added.

IMDA as accountability agent

The PDPC has also appointed the Infocomm Media Development Authority (IMDA) as Singapore’s accountability agent for Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) Systems certifications.

Such systems, according to the PDPC, allow data flows within the APEC region to be more “seamless” while keeping data protection standards “robust” to ensure responsible exchange and usage of data.

Under the IMDA’s new appointment, organisations in Singapore would now be able to be attain these certifications – open for application by all companies – for “accountable data transfers” across borders to other certified bodies.

This makes Singapore the third country in the world after the US and Japan to use the system, the PDPC added.

Application fees for small and medium-sized enterprises (SMEs) will also be waived by the IMDA until June 30 next year. In an effort to support adoption of the certifications, Enterprise Singapore said it will defray assessment and consultancy costs for Singapore-based organisations.

The APEC and PRP certifications will complement the IMDA’s Data Protection Trustmark certification and organisations keen to apply for both are advised to do so via an integrated application process, the PDPC said.

Read also: