Data Protection Essentials Programme

The PDPC and Info-Communications Media Development Authority (IMDA) offer the Data Protection Essentials (DPE) framework, which supports Small and Medium Enterprises (SMEs) in acquiring a basic level of data protection and security practices to protect their customers’ personal data, build trust with their stakeholders and recover quickly in the event of a data breach.

SMEs in Singapore are strongly encouraged to reference the DPE framework in their digitalisation journey to ensure that your organisation is handling customers’ personal data responsibly.

Implementing DPE would benefit your organisation in the following ways:

  • With a basic level of data protection and cybersecurity practices, organisations can safeguard their customers' personal data and recover swiftly in the event of a data breach.
  • Should a data breach occur, the PDPC may consider an organisation's implementation of the DPE framework favourably in deciding an enforcement outcome.

Tools and resources developed by the Personal Data Protection Commission (PDPC) and Cyber Security Agency of Singapore (CSA) are available to help SMEs demonstrate greater accountability to their customers and enhance business competitiveness in the longer term.


For more information on the programme details, visit


As you level up your data protection standards through DPE and increase usage of data, you can strive towards getting certified with the Data Protection Trustmark (DPTM) as part of your data protection journey. The DPTM would help you build your brand with a third-party validation of your data protection regime which strengthens customer trust and increases your competitive edge. For more information about the DPTM, visit