top of page
data protectbiomet 1280x720.jpg

About DPTM

Under the Personal Data Protection Act of Singapore (PDPA), organizations have a legal obligation to protect personal data.

The Data Protection Trustmark (DPTM) is a certification scheme administered by the Singapore Infocomm Media Development Authority (IMDA).

 

The scheme was put in place for organizations to demonstrate accountable data protection practices. For the general public and enterprises alike, you can be confident that your personal data is in safe hands.

Do you engage in any of these practices?

Hardcopy Forms

Hardcopy Forms

Collecting personal information for employment, enrolment

Web/ Online Forms

Web/ Online Forms

Collecting personal information for employment, enrolment, subscribe to services, lucky draws..

Photo ID

Photo ID

Collecting or retaining national ID (NRIC) for entry into premises

Biometric System

Biometric System

Eye scan, fingerprint scan for entry into premises

Events photography

Events photography

Photo taking of events showing faces of guests or general public

CCTV

CCTV

CCTV, surveillance camera capturing faces of general public

© AEDGBIZ

If your answer is "Yes"...

Your organization is required by law under the Singapore Personal Data Protection Act 2012 to protect the collected personal data from:

  • Misuse / Abuse

  • Loss

  • Theft

laws.png

Why It Matters

DPTMPrinciples.png
Anchor 2

How We Can Help...

Anchor 1

...In 5 Steps

We can assist your organization by setting up the data protection framework leading to the Data Protection Trust Mark Certification.

1

apply.png

Grant Application

The IMDA is encouraging SMEs to get the DPTM certification. Grants are available to subsidize the consultancy and certification costs.

We can assist you in applying for the grant.

We are delighted to provide an estimate for you to make an informed decision.

Need A Price Estimate?

Student Learning Mathematics

Frequently Asked Questions

No. The DPTM certification is for Singapore registered organizations. However, the DPTM certification is applicable if you have a subsidiary registered in Singapore.

My organization is registered overseas. Can I apply for DPTM certification?

The Personal Data Protection Act applies to any part of the personal data process executed in Singapore for collection, storage, processing, transfer, use, and archive.


If for example, the personal data is transferred and processed outside of Singapore, your organization must ensure the parties involved in the transfer and processing is able to abide by local data protection laws or are certified for Cross Border Privacy Rules (CBPR) System and Privacy Recognition for Processors (PRP) System certification.

Does the PDPA apply to personal data being handled overseas?

No. The Personal Data Protection Act does not discriminate between locals or foreigners. The law applies to both local and foreigner personal data being collected, stored, processed, transferred, used and archived in Singapore.

Does personal data information protection apply to local residents only?

Yes, as long as your business is handling personal data information.

My business is just a one man show. Do I need to comply with the PDPA?

DPTM certification is voluntary. Being certified provide confidence to your customers that your organization have the necessary framework in place to safeguard their personal data.


However, compliance with the Personal Data Protection Act (PDPA) is compulsory if your organization is handling personal data.

Is Data Protection Trust Mark (DPTM) Certification Compulsory?

Personal data can exist in the form of hardcopy written information or softcopy data. Example of personal data information covers:

  • Personality Data (Name / Gender /Age / Marital Status / Professional or Education Status)

  • National Identity (E.g., NRIC / FIN / Passport Number / Visa Number/ Work Permit Number)

  • Employment Information

  • Contact Details (Phone / Home Address / E-mail Address)

What is personal data?

General FAQs

The grant covers qualifying costs for

  • Consultancy to set up your DPTM system

  • Certification

  • Testing (e.g., network penetration by a third party)

  • Training

 For more details on the grant, click here.

What is the grant amount?

You should apply for the Enterprise Development Grant (EDG) under Infocomm and Media Authority (IMDA) of Singapore. Please ensure your organization qualifies as a Small, Medium Enterprise (SME).

Which government grant should I apply for?

Grant FAQs

Yes, we do.


You can engage us for a specific portion of the project. Some clients have engaged us to do the following:

  • Conduct a data inventory map of its entire organization.

  • Conduct a Data Protection Impact Assessment.

  • Conduct a pre-certification assessment to gauge readiness.

The above is what we call a piece meal approach. Please use the RFQ page and indicate this special request in the expected completion date and remarks section of the RFQ form.


Do note that if your organization is applying for grants, the grant does not cover piece meal projects.

Do you provide consultancy for a specific portion of the DPTM certification preparation?

Certification costs are capped and regulated  by IMDA. From experience, a single site small enterprise certification fee is around $3,000 and a large single site enterprise certification fee may go up to $12,000.


For consultancy, the cost is very dependent on the scope and complexity of processes. As an example, we have assisted a small single site entity for as much as $5,000.  The good news is that these costs can be offset by grant subsidies. 


Please use the RFQ page if you wish to know the cost estimate. Select Data Protection Trust Mark.

How much does it cost to obtain certification?

From experience, a single site operation handling simple personal data can be certified within 6 months or less from project kick-off. The required time is also dependent on the number of sites and complexity of processes handling personal data.

How much time is required to be DPTM certified?

Project FAQs

We are here to assist. Use the chat app at the bottom right side of the screen. Our office hour chat lines are open from Monday - Friday, 9 am to 5 pm.  After office hours, you may leave your contact details in the chat app. We will get back to you.

Chat with us if you have general inquiries.

© 2025 AEDGBIZ PTE LTD | All Rights Reserved
bottom of page