A new framework and training plan for data protection officers (DPOs) has been developed by Singapore's privacy watchdog to clarify their roles and develop their capabilities, in a bid to ensure companies better protect and use data.

In a related move, companies based here can now apply for a pair of internationally recognised data protection certifications that will allow them to seamlessly share data and do business faster with countries such as Japan, the United States and Mexico, while being assured that their data would be protected.

The DPO Competency Framework and Training Roadmap, developed by the Personal Data Protection Commission in consultation with industry partners, spells out expected roles and responsibilities at each of the three stages of a DPO's career - the data protection executive, DPO and regional DPO.

The commission said these stages will require various levels of competency for skills like data protection management, data breach management and design thinking. The road map will help officers identify the courses they need to take to move up a level of proficiency.

Announcing the framework yesterday at the Personal Data Protection Seminar at Marina Bay Sands, Minister for Communications and Information S. Iswaran said: "The right data protection team under an able DPO can be an effective component of a company's management and support the efforts to build consumer trust and support businesses' growth."

The commission said that it, together with the NTUC, Employment and Employability Institute and NTUC LearningHub, will be launching a 12-month pilot programme to use the framework to train DPOs.

These data protection-related courses will be available from the fourth quarter of this year and are expected to benefit at least 500 DPOs in the first year. According to the commission, there are currently 20,000 DPOs registered with it.

NTUC assistant secretary-general Patrick Tay said: "Leveraging Singapore's brand of trust, data protection can potentially be one of the key areas where Singapore and Singaporeans can set local and global standards. Complementing this with the DPO competency framework, this will help provide new career opportunities and career progression pathways for our workers."

The commission is also working with other training partners, such as the Institute of Singapore Chartered Accountants, the National University of Singapore Law Academy and Singapore Polytechnic.

Mr Iswaran also announced that companies based here can now be certified with two data-related certification standards from the Asia-Pacific Economic Cooperation, an economic group of 21 countries promoting international free trade and sustainable development.

Applications for the Cross Border Privacy Rules and Privacy Recognition for Processors Systems certifications are now open, and companies can apply to the Infocomm Media Development Authority, which is accountable for these certifications.

With the two standards, companies will be certified to have a commitment to data protection to business counterparts and customers, and reduce cost and time when doing business abroad, as they will have to deal with only a single and consistent set of data protection standards.

As the accountability agent, the authority will ensure that a company's process complies with the standards' expectations through independent third-party assessors before certifying them.