For enquiries, please contact us here, or write to us at

Personal Data Protection Certificates

Setsco is an Assessment Body (AB) appointed by IMDA for the Data Protection Trustmark (DPTM), APEC Cross Border Privacy Rules (CBPR) System and APEC Privacy Recognition for Processors (PRP) Certification. Since the launch of DPTM, Setsco has assessed organisations from various industries and is thus equipped with the experience to deliver quality assessment. With our experience, we are confident in guiding you and your business towards a successful certification.

Data Protection Trustmark (DPTM)

The Data Protection Trustmark (DPTM) is a voluntary enterprise-wide certification for organisations to demonstrate accountable data protection practices. By obtaining DPTM certification, you will be able to demonstrate to your customers that you have robust data protection policies and practices in place to safeguard their personal data. This will help strengthen your reputation, build trust and foster confidence in your business, thus raising your business competitiveness both locally and overseas. Furthermore, third-party certification helps to provide validation of your organisation’s data protection regime. The certification will increase your data governance and protection standards, uncover potential weaknesses and enable your organisation to take steps to mitigate risks.

The DPTM Certification Framework was developed based on adapting and aligning it with Singapore’s Personal Data Protection Act (PDPA) and incorporating elements of international benchmarks and best practices. Under this framework, your organisation will need to pass a set of robust and comprehensive criteria and have in place the following practices:

1. Trained Data Protection Officer and staff to handle your personal data;

2. Reasonable collection, use and disclosure of data with consent obtained and purpose made known;

3. Appropriate measures for protection, retention and disposal of data;

4. Provision of withdrawal of consent, and access and correction of data; and

5. Appropriate measures to take in the event of data breach.

If your organisation has put in place policies and practices to comply with PDPA, you are ready to take your first step towards being DPTM certified.

APEC Cross Border Privacy Rules (CBPR) System

The APEC CBPR System was developed to help you build consumer, business and regulator trust in cross border flows of personal data. The APEC CBPR System requires your business to implement data privacy policies consistent with the APEC Privacy Framework and it can help you to bridge differing national privacy laws within the APEC region, reducing barriers to the flow of information for global trade.

The CBPR System applies to organisations (data controllers) that control the collection, holding, processing, or use of personal data and it enables certified organisations across APEC economies to exchange personal data more seamlessly.

The APEC CBPR certification is based on the APEC Privacy Framework that features nine privacy principles: Accountability, Prevent Harm, Notice, Choice, Collection Limitation, Use of Personal Information, Integrity of Personal Information, Security Safeguards and Access and Correction. The framework was endorsed by 21 APEC economies to promote accountable and responsible transfers of personal information between the APEC economies.

APEC Privacy Recognition for Processors (PRP) Certification

The APEC Privacy Recognition for Processors (PRP) System was designed for organisations (data processors) who process data on behalf of client organisations (data controllers), to demonstrate their ability in providing effective implementation of a controller’s privacy requirements. The PRP certification is based on 2 of the 9 principles of APEC Privacy Framework: Security Safeguards and Accountability.

Singapore recognises the APEC CBPR and PRP certifications for overseas transfers of personal data under the PDPA. This means that your Singapore-based organisation can easily transfer personal data to the overseas certified recipient without having to meet additional requirements.

Application Fee Waiver (applicable for CBPR and PRP certifications only)

a. Application fee of S$535 (inclusive of GST) is waived for SMEs till 30 Jun 2021.

Funding Support (applicable for DPTM, CBPR and PRP certifications)

b. Eligible organisations clan consider applying to Enterprise Singapore (ESG) to seek support for some of the costs for DPTM/CBPR/PRP certificatin and consultancy services. ESG has raised the maximum support level to 80% for eligible organisations applying for the Enterpirse Development Grant (EDG) until 31 Mar 2021

For more information, please contact

Elean Kwek

Tel: 6895 0669


Laura Koh

Tel: 6895 0659