New Initiatives to Strengthen Data Protection Ecosystem in Singapore

Dedicated competency framework for data protection officers to chart careers; Singapore ready to provide APEC certifications for cross border data transfers

17 July 2019, Wednesday
- The Personal Data Protection Commission (“PDPC”) today announced two new initiatives that will advance Singapore’s Digital Economy and bring Singapore closer towards realising its vision of a regional data protection and data innovation training hub.

These are:

  1. A new Data Protection Officer Competency Framework and Training Roadmap (“Framework”) which provides clarity on the core competencies and proficiency levels a data protection officer needs; and
  2. The appointment of the Infocomm Media Development Authority (“IMDA”) as Singapore’s Accountability Agent (“AA”) for the Asia-Pacific Economic Cooperation (“APEC”) Cross Border Privacy Rules (“CBPR”) and Privacy Recognition for Processors (“PRP”) Systems certifications.

These were announced by Minister for Communications and Information Mr S Iswaran at the 7th Personal Data Protection Seminar.

Data Protection Officer Competency Framework and Training Roadmap

Data is a critical resource for organisations, and good data protection practices can contribute to business innovation and growth. The role of Data Protection Officers (“DPO”) is central within organisations and skilled DPOs are crucial to supporting the responsible use of data and to drive data innovation.

The new Framework, developed by the PDPC with inputs from industry experts, will serve as a resource to better support organisations in their hiring and training of DPOs based on identified competencies and proficiency levels. It combines both data protection and data innovation competencies.

PDPC, supported by National Trades Union Congress (“NTUC”), Employment and Employability Institute (“e2i”) and NTUC LearningHub, will be launching a 12-month pilot programme using the Framework to train and upskill DPOs. These data protection-related courses will be available from the fourth quarter of 2019, and expected to benefit at least 500 DPOs in the first year. Details on the courses will be made available at a later date.

Assistant Secretary-General of NTUC, Mr Patrick Tay said, “Leveraging Singapore’s brand of trust, data protection can potentially be one of the key areas where Singapore and Singaporeans can set local and global standards. Complementing this with the DPO competency framework, this will help provide new career opportunities and career progression pathways for our workers.”

Mr Gilbert Tan, CEO of NTUC’s e2i said, “Data is an increasingly vital resource needed for timely business decisions, and this creates the demand for emerging job roles and functions to manage data well. e2i, together with NTUC, will help to operationalise the new Framework by reaching out to working professionals, whose job function includes data protection, and equipping them with relevant skill sets to manage, protect and govern data. We are committed to work with PDPC to curate content that will enable our data protection officers to work with greater efficacy from entry level through to regional senior management level.”

Chief Executive Officer of NTUC LearningHub Mr Kwek Kok Kwong said, “As the world moves rapidly towards Industry 4.0, data is fast becoming the fuel for business globally. As we leverage data to propel businesses forward, we must strike a balance and ensure data security and data privacy. This is where this framework comes into play, and businesses must have Data Protection Officers to advise them and help them enforce data protection. We are proud to partner with PDPC, NTUC and e2i to pilot the Data Protection Competency Framework and Training Roadmap to help raise more data protection officers to support the industry, so that we can harness the benefits of rapid digitisation and data explosion in the Industry 4.0 economy.”

Appointment of IMDA as Accountability Agent

Singapore supports cross border data flows as they underpin Singapore’s digital trade and are essential to innovation. At the same time, robust data protection standards are necessary to ensure that data is exchanged and used responsibly. The APEC CBPR and PRP Systems allow more seamless data flows within the APEC region. With the appointment of IMDA as Singapore’s AA, organisations here can now be certified under the APEC CBPR and PRP Systems for accountable data transfers across borders to other certified organisations. Singapore is the third economy after the US and Japan to operationalise the system, and certifications are now open for applications by all companies.

To encourage more organisations to apply for CPBR and PRP certifications, IMDA will waive the APEC CBPR and PRP Systems application fees for SMEs until 30 June 2020. Enterprise Singapore will also support Singapore-based organisations in adopting the certifications by defraying assessment and consultancy costs. The APEC CBPR and PRP certifications will complement the IMDA’s Data Protection Trustmark certification. Organisations interested in applying for both certifications can do so via an integrated application process.

PDPC’s Commissioner Mr Tan Kiat How said, “The PDPC, in its fifth year of driving data protection in Singapore, has made an impact on the public’s awareness of the importance of data protection and organisations’ adoption of effective data protection measures. PDPC will continue to forge ahead to facilitate trusted data sharing between organisations for innovation and the growth of Singapore’s data-driven Digital Economy.”

For more information on the Framework and how to apply for the APEC CBPR and PRP systems certification, please visit