Data Protection-as-a-Service for SMEs (DPaaS@SMEs)
DPaaS@SMEs
The DPaaS@SMEs Programme (DPaaS@SMEs) makes it easier for SMEs to outsource data protection functions and supports SMEs in strengthening their data protection capabilities. DPaaS@SMEs aims to provide SMEs with basic data protection practices to foster consumer trust and confidence to use data to maximise business value.
SCOPE
The DPaaS@SMEs Package covers both a one-time setup for basic data protection and annual retainer service.
Key components of the DPaaS@SMEs Package include:
- Data Protection Management
- Data Breach Management
- Training and Communications
DPaaS@SMEs Package (One-time setup)
Data Protection Management | Data Breach Management | Training and Communications |
|---|---|---|
1. Appoint a DPO and business contact information is made available to the public | 1. Establish a data breach management team | 1. Develop a staff training and communications plan |
2. Identify risks and gaps using PDPA Assessment Tool for Organisations (PATO) | 2. Develop a complaint handling procedure | 2. Mandate all staff to complete the PDPA E-Learning Programme |
3. Develop a Data Protection (DP) Policy | 3. Develop a 4-step action plan for data breach response (using C.A.R.E model) | 3. Identify key personnel to attend the 2 PDPC courses if they do not possess any prior data protection certifications listed in the DPO Competency Framework and Training Roadmap |
4. Embed data protection as part of corporate governance and establish a reporting structure for data protection matters | ||
5. Embed regular monitoring and reporting mechanisms within Enterprise Risk Management (ERM) Framework | ||
6. Document data assets and flows using a Data Inventory Map |
Data Protection Trustmark Certification |
|---|
|
Grant Support
DPaaS@SMEs | |
|---|---|
Social Service Agencies(SSA) | Small Medium Enterprises |
Once-off funding, capped at $6,000 per eligible SSA. | No funding for DPaaS@SMEs |
Funds will be dispersed over 2 phases | |
80% of the approved funding amount will be disbursed to agencies upon successful application and signing of the agreement. | |
The remaining 20% will be disbursed upon submission of the Consultant Retainer Report. | |
Only NCSS Full Members that provide direct services are eligible for the Data Protection Funding which provides 100% consultancy fees capped at $6,000. | |
NCSS Associate Members may tap on the NCSS VCF Consultancy Grant which provides funding up to 80% of the consultancy costs. | |
Data Protection Trustmark Certification | |
|---|---|
Social Service Agencies(SSA) | Small Medium Enterprises |
Funding for DPTM is provided under NCSS VCF Organisational Development Grant (ODG), covering up to 80% of approved project cost capped at $100,000. | Funding for DPTM is provided under Enterprise Development Grant (EDG), covering up to 80% of approved project |
