Parliament Sitting on 6 August 2018
QUESTION FOR WRITTEN ANSWER
*2121. Mr Melvin Yong Yik Chye: To ask the Minister for Communications and Information (a) what is the projected number of Data Protection Officers (DPO) needed in Singapore for the next five years; (b) what is the current shortfall; and (c) what is the Ministry's plan to train and deploy more DPOs.
Mr Speaker, it is mandatory under the Personal Data Protection Act, or PDPA, for all private-sector organisations to designate one or more individuals as a Data Protection Officer, or DPO. The DPO is responsible for ensuring that the organisation complies with the PDPA.
2 According to a 2018 survey commissioned by the Personal Data Protection Commission, or PDPC, close to 60% of private sector organisations in Singapore have appointed at least one DPO. This represents a six percentage point increase from the previous year. PDPC is studying this issue closely, with a view to increasing both the numbers and capabilities of DPOs.
3 There are two parts to my Ministry and PDPC’s plan to train and deploy more DPOs. Firstly, we are developing and supporting training programmes for DPOs. For example, since 2014, PDPC has developed an e-learning programme for DPOs to learn about the fundamentals of the PDPA.
4 PDPC is supplementing this by rolling out more advanced training programmes to enhance DPOs’ skills. These include the Professional Conversion Programme for DPOs, which started last month, and the Practitioner Certificate for Personal Data Protection Preparatory Course, which starts in October this year. In addition, PDPC has supported the development of personal data protection-related courses to be taught at the National University of Singapore and Singapore Management University starting this academic year, through which graduates can attain professional, internationally recognised certification.
5 The second part of our strategy is to foster a collaborative environment where DPOs can learn best practices. PDPC is making Singapore a training hub for data protection professionals in the region by anchoring data protection-related events here, such as the annual Personal Data Protection Seminar hosted by PDPC. PDPC is also encouraging the formation of more communities of practice, such as AsiaDPO and the Law Society’s Cybersecurity and Data Protection Committee.
6 While we continue to grow and deepen the pool of DPOs, organisations must also do their part by appointing and supporting their DPOs. By doing so, organisations will not just comply with the PDPA, but more importantly, build consumer trust in their ability to use and safeguard personal data responsibly.