OMRON is Data Protection Trustmark certified

By OMRON Healthcare Singapore, 13 Nov 2023

Background

In a world where cyber threats are on the rise, the call for beefed-up data protection has never been more urgent. Companies face fines for inadequate protection of personal data, necessitating robust safeguards. Meanwhile, OHS customer database, cultivated from diverse channels such as HealthGift, OMRON connect, OMRON online shop, warranty databases, and marketing subscribers, amplifies the importance of implementing a protective framework. This is where The Data Protection Trustmark (DPTM) steps in.

What is DPTM?

The DPTM is a voluntary certification for organizations, demonstrating their commitment to accountable data protection practices. Businesses adopting the DPTM gain a competitive advantage and build trust with customers. It's not just a certification but the team's ally in the digital realm.

This certification elevates OHS data governance, ensuring comprehensive and secure management of all data, both from external customers and internal employees. The DPTM serves as a valuable tool for organizations to enhance data protection while fostering trust and credibility in the marketplace.

What did the team do?



The DPTM plan was meticulously developed through the formation of a committee comprising key departments within OHS and the OMCP team. The implementation unfolded in a strategic manner. Initially, in 2019, an external audit gauged the organization's preparedness, with findings being incorporated across departments to enhance the data governance framework. Post the easing of Covid-19 restrictions and the return to the office, DPTM certification preparation commenced.

An external consultant guided the process, conducting training sessions for committee members to refresh on PDPA concepts and explaining the DPTM requirements. Each committee member then meticulously reviewed and prepared necessary documentation, with regular meetings with the consultant to ensure alignment with assessment requirements. The DPTM certification process comprised two stages: a one-day face-to-face desktop audit (Stage 1) and a two-day face-to-face audit (Stage 2). Following the audit, there was a comprehensive post-audit follow-up to address any necessary changes for all policies and procedure before the final submission of documents to IMDA for review and certification.

Challenges encountered

The DPTM certification journey presented various challenges for the team.

Initially, there was a collective need to enhance the team's general PDPA knowledge, as everyone was new to data protection. To address this, comprehensive training sessions were organized, ensuring that all committee members were well-versed in the relevant regulations and frameworks. Another significant challenge was understanding the extensive DPTM requirements and applying them across diverse departments. IMDA provided detailed guidelines, requiring each department to carefully analyze and align with these specifications.

Simultaneously, the team started to identify current gaps and crafting PDPA policies and processes to meet DPTM requirements. Each department undertook a mapping exercise to assess their current data protection status, scrutinizing data flows, existing processes in data collection, usage, disclosure, transfer of personal data, and reviewing all contracts.

Delays attributed to the impact of Covid-19 and the office shift in 2022/2023. Ensuring basic PDPA training for all OHS staff, navigating engagement with multiple departments (which sometimes complicated meeting scheduling), and introducing data protection practices into day-to-day operations for all OHS staff added layers of complexity to the project. Despite these challenges, the team navigated the certification process with resilience and determination.

Key outcomes

The team achieved significant milestones in their pursuit of enhanced data protection practices.

Firstly, they successfully secured the Data Protection Trustmark (DPTM) certification on 31 August 2023, signifying their commitment to robust data protection standards. This certification not only acknowledges their adherence to stringent requirements but also positions them as pioneers in the OHS region, being the first to receive such recognition. In addition to the DPTM certification, the team ensured that all OHS data protection policies and procedures align seamlessly with local regulations. This meticulous alignment not only enhances the OMRON's data protection framework but also demonstrates a proactive approach to compliance with regional standards.

Way ahead

Looking ahead, the team outlines a strategic roadmap for sustained data protection excellence. Firstly, they emphasize the importance of continuous adherence to established policies and procedures, reflecting a commitment to ongoing vigilance and diligence in safeguarding data. Secondly, regular internal audits are planned to ensure ongoing compliance with PDPA laws, facilitating a proactive approach to identifying and addressing any potential gaps. Lastly, the team is set to undertake the renewal of the DPTM certificate in three years, showcasing their dedication to maintaining high standards in data protection practices over the long term.