The digital trust certification enables enterprises to have best practices for data protection to meet legislative requirements. It also provides a competitive advantage for enterprises to gain greater consumer trust, leading to higher revenue opportunities. So says Richard Hong, CEO of TÜV SÜD ASEAN, in this interview.
The fallout from the pandemic has not just impacted humans but also data. The volume of data created or consumed globally will balloon from 64.2 zettabytes in 2020 to 180 zettabytes by 2025. That estimate comes from research house Statista. In 2020, the amount of data created reached a new high, caused by the increased demand due to the pandemic, as more worked, learnt and played from home.
The value of the data is in dissecting and analyzing it. However, that depends on whether the dataset can be trusted and whether companies that utilize the data have the right to do so. That’s why regulations such as the PDPA and GDPR are in place – to protect the data collated and deployed by companies.
Malaysia was the first country in ASEAN to initiate the PDPA (Personal Data Protection Act) in 2010; it was passed in November 2013 to protect individuals’ PII (personally identifiable information) for commercial transactions. The penalty for non-compliance ranges from RM100,000 to RM500,000 and up to three years’ imprisonment. Singapore’s PDPA came into effect in July 2014 and was updated in November 2020. Companies that breach the PDPA may be fined up to S$1 million and suffer damage to their reputation.
There is similarly an urgent need for a data trust certification system. In September 2021, just such an initiative was launched by Credence Lab. Called DTRS (Data Trust Rating System), it was developed by a consortium of a dozen companies, including KPMG, Alibaba Group, IBM, Drew & Napier, Eden Strategy Institute, and the National University of Singapore. Germany-headquartered TÜV SÜD was tasked to handle assessments and certification, and its local arm – TÜV SÜD PSB – is accredited by the Singapore Accreditation Council (SAC).
Trust is the new currency. It underpins business in the digital economy. Singapore’s Minister of State for Communications and Information Tan Kiat How noted that industry players face many barriers when trade documents move across borders. “This results in additional cost and delays,” he said at the DTRS launch. “It is not just about updating our rules and regulations, but getting the many parties involved to trust the integrity of the underlying transaction and documents.”
Why is trust in data so crucial for brands? To build credibility and trust in best practices. Playing a vital role in this is the German testing, inspection and certification firm, TÜV SÜD. They have been appointed the assessment body for the Credence DTRS.
“DTRS enables enterprises to be assessed and certified as deploying best practices for data protection and meet legislative requirements,” Richard Hong, CEO of TÜV SÜD ASEAN, said in an interview. “It also provides a competitive advantage for enterprises attaining higher ratings. They gain greater consumer trust leading to better revenue potential. Consumers spend more with enterprises they trust.”
What leverage does DTRS provide? “There are numerous certifications to measure compliance to legislation,” Philip Heah, CEO of Credence Lab, said. “Companies certified with the Credence DTRS will be able to demonstrate their accountability to handle personal data, assure regulators of their compliance to legislation, and offer business partners confidence in exchanging data.”
Which companies would benefit the most? Government agencies, local and multinational companies in the environment, utilities, food, transportation, aviation, maritime, infocomm, and other highly competitive industries. SAC is a signatory of the International Accreditation Forum, and all members recognize and honor certification across the member countries.
Are any grants available for local enterprises? As part of the Enterprise Sustainability Program under ESG (Enterprise Singapore), the SaaS (Sustainability-as-a-Service) program by TÜV SÜD helps businesses capture new opportunities in the Green economy. It offers local companies a systematic gap analysis, training, and certification. Companies can apply directly with TÜV SÜD PSB for the SaaS initiative and receive up to 70% of eligible costs. For details, visit: Sustainability-as-a-Service (SaaS) Programme | TÜV SÜD PSB (tuvsud.com)
Digital trust is a new initiative worldwide. How different is GDPR from DTRS? “GDPR is legislation and not a certification programme,” Hong says. “Currently, there is no approved certification for GDPR. The PDPA is Singapore’s equivalent. PDPC has a certification program called DPTM (Data Protection Trust Mark) since 2019. The Credence DTRS is another certification that encapsulates DPTM and provides a rating as well.”
The other side of the privacy coin is security. ISMS (information security management system) is a documented management system consisting of security controls that protect assets’ confidentiality, availability, and integrity from threats and vulnerabilities. By designing, implementing, managing, and maintaining an ISMS, organizations can protect their confidential, personal, and sensitive data from being compromised. ISO/IEC 27001 ISMS is an internationally recognized standard published by the International Organisation for Standardization and the International Electrotechnical Commission (IEC).
The top three tips for certifications that digital leaders should strive to attain? Hong’s advice:
- Be aware that data permeates throughout the organization and requires an entire organization to be involved in data protection.
- Data protection is not just about cybersecurity but involves best practices around the collection, use, storage, sharing and disposal of the data.
- Data trust is about respecting users and their data by facilitating users in exercising their rights, such as rights to access and rights to correct the data.
Incidentally, since 1981, January 28 has been celebrated as World Data Privacy Day to raise awareness and promote privacy and data protection best practices. Given the importance of data, every day should be considered Data Privacy Day.