Robust data protection credentials can help win consumer trust

When management consulting firm McKinsey and Company surveyed more than 1,300 business leaders and 3,000 consumers globally¹, they found that more than half will only buy from companies that actively implement strong data protection policies. The research also uncovered the importance of data protection not just for consumers, but for businesses too. A majority of respondents – 85 per cent – say that knowing a company’s data privacy policies is important before they make a purchase.

Protecting consumer data is critical given the rapid rise in threats to online information, including fraudulent activities, hacking, phishing, and identity theft. With the exponential growth in the use and collection of data across the world, it is no longer viable for businesses to adopt a checkbox mentality when it comes to data protection. Companies need to put in place a robust data protection regime to strengthen customer confidence and enhance competitiveness.

How businesses can get started on protecting their customer data

It is critical for companies to protect the personal data of individuals, ensuring their personal information – from contact details to credit card details – is collected, stored, and used responsibly. For SMEs uncertain on how to approach data protection, IMDA’s Data Protection Essentials (DPE) programme enables them to acquire a basic level of data protection and security practices. 

Designed to help companies protect their customers’ personal data and recover quickly in case of a data breach, the DPE programme is one of many ways in which IMDA has been working with companies throughout Singapore to support their data protection management programmes. From a newly incorporated SME to one that collects and uses personal data more intensively, the DPE programme can help businesses inspire trust and gain a competitive edge.

Companies across industries stand to gain from enhancing their data protection practices, even in conventionally offline sectors like Food and Beverage (F&B). For Georges Bar & Restaurant, founder David Leong saw the DPE as critical to their business success. “We went for the DPE as data protection is not an option but an essential part of customer service. It should not be seen as an expense but as an investment towards customers' confidence and overall experience,” said David.

Go a step further: get certified with the Data Protection Trustmark

Over the years, many businesses, including AIG Singapore, Alibaba Cloud Singapore, M1, and MaNaDr have chosen to go further and demonstrate that they have put in place a sound personal data protection regime by getting certified with the Data Protection Trustmark (DPTM). The DPTM is a voluntary, enterprise-wide certification for organisations to demonstrate accountable data protection practices

Adapted from Singapore’s Personal Data Protection Act (PDPA) and incorporating international benchmarks and best practices, the DPTM assures customers that organisations they are dealing with manage their personal data responsibly with proper data protection measures. Undergoing the certification assessment will help companies increase their data governance standards, identify data protection gaps, and take steps to mitigate risks. DPTM can also serve as an accountability tool, playing a significant role in helping certified companies strengthen their competitive advantage and build trust with customers and stakeholders.

“As we continue to introduce new insurance products which are bought and renewed online, the Data Protection Trustmark certification gives our customers even more confidence transacting with us, as they know AIG has strong safeguards in place for personal data protection.”

– Mr Christian Sandric, President & Chief Executive Officer, AIG Singapore

If an organisation is formed or recognised under the laws of Singapore, and is not a public agency (as defined by the PDPA), it is eligible to apply for DPTM certification. Should a business have ISO/IEC 27001 and 27701 certifications, it may be easier to be DPTM-certified, as this means it has demonstrated good information security and privacy information management standards.

Trust as a differentiator

As more businesses expand their presence online, the competition for customers will intensify. The ability to demonstrate that a company takes personal data protection seriously will give consumers the assurance to do business with it, sharpening its competitive edge in an increasingly crowded online environment. This is especially important as clients from both public and private sectors increasingly demand that their vendors demonstrate good personal data protection standards by having the DPTM certification. A robust data protection regime will protect one’s business from online threats that can disrupt operations and impact bottom lines. If you are a business looking to stand out from the rest, learn how you can enhance your personal data protection policies with DPTM.