Singapore shores up data protection capabilities

Singapore-based firms will now be able to better ascertain the skills that their data protection officers (DPOs) will need under a new competency framework developed by Singapore’s Personal Data Protection Commission (PDPC).

Hailed as the first of its kind in the world, the framework describes a set of skills and proficiency levels needed for DPOs, from entry-level right up to those with regional responsibilities. This is accompanied by a training roadmap to help companies identify courses that DPOs need to take to achieve the next level of proficiency.

Speaking at the Personal Data Protection Seminar on 17 July 2019, S Iswaran, Singapore’s minister for communications and information, said the competency framework was developed together with experts from the International Association of Privacy Professionals, AsiaDPO, the Law Society’s Cybersecurity and Data Protection Committee and SMU Academy.

“For business owners and HR managers, this framework can serve as a guide to help you decide how to structure your data protection functions and make hiring decisions,” he said. “Additionally, it can help you plan the training for your DPO and data protection team.”

Under Singapore’s Personal Data Protection Act, every firm, including sole proprietorships, in Singapore is required to appoint at least one DPO to be responsible for ensuring compliance with data protection regulations.

To deepen the skills of DPOs, the PDPC is partnering with the National Trades Union Congress to pilot a training programme that is expected to benefit at least 500 DPOs in the first year. More details on the courses will be released later this year, according to the PDPC.

The framework has received support from local enterprises including menswear retailer Benjamin Barker, e-commerce bigwig Lazada and DBS Bank.

“In this day and age where the digital world is intrinsic in our everyday lives, data protection is an imperative. There is an increasing need to help train and identify our data protection officers in the core competencies necessary for them to succeed,” said Joel Tan, head and data protection officer of Benjamin Barker.

“As we head into a new era of internationalisation, Singapore’s new DPO competency framework is exactly that springboard we need moving forward to help guide our teams to ensure continued protection and trust from our consumers from both a local and global context,” he added.

With many organisations facing challenges in transferring data securely across different jurisdictions with varying data protection rules, Singapore’s Infocomm Media Development Authority will also be certifying organisations under the Asia-Pacific Economic Cooperation’s Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processor systems.

Iswaran said certified organisations will be able to seamlessly exchange data with other certified organisations in participating APEC economies such as the United States and Japan. “Consumers can also be assured that such exchanges of their personal data will be well-protected.”

Organisations such as Accenture, CrimsonLogic, Salesforce and TRS Forensics have recognised the value of CBPR certification and indicated their interest to be certified.

Iswaran said the DPO competency framework and the CBPR are part of efforts to strengthen Singapore’s data protection capabilities and facilitate trusted data flows.

“It is only through strengthening our capabilities and forming trusted connections that we can adapt and thrive in the data-driven digital age,” he said.

“We need more consumers and organisations to embark on this journey and help them understand the importance of data protection, how it can be used responsibly, and contribute significantly to innovation.”