30 July 2019

On 17 July 2019, the Personal Data Protection Commission (“PDPC”) published a new Data Protection Officer (“DPO”) Competency Framework and Training Roadmap to guide data protection (“DP”) professionals in enhancing their competencies so as to perform their job functions effectively in an organisation. Developed with inputs from industry experts, the framework combines both data protection and data innovation competencies and will serve as a resource to better support organisations in their hiring and training of DP professionals.

Hiring the right DP professional for the organisation

To hire the right DP professional, organisations may refer to the framework to have a better understanding of the different job functions. The framework sets out the following three job functions:

  • Data Protection Executive 
  • Data Protection Officer 
  • Regional Data Protection Officer

For each job function, the framework also sets out the baseline tasks required. For example, (a) the Data Protection Executive is expected to monitor and assess the organisation’s personal data protection policies and practices to ensure compliance with the Personal Data Protection Act 2012, (b) the Data Protection Officer should look into developing and reviewing a Data Protection Management Programme that covers policy, processes and people for the handling of personal data at each stage of the data lifecycle and (c) the Regional Data Protection Officer oversees data transfer activities and provides leadership guidance on personal data protection law in other jurisdictions.

The framework also helps organisations to consider building up the data innovation-related competencies of their DP professionals as they move towards harnessing the value of data to deliver new and improved products and services.

Core competencies and training roadmap for the DP professional

The framework helps DP professionals by creating a clear career path for data protection, identifying their competency gaps and relevant training courses to plug the gaps, and effectively operationalising the organisation’s data protection policies and processes. The following nine core competencies are outlined in the framework, each with a proficiency level where relevant, to strengthen the DP professional’s capabilities with respect to data protection and data innovation:

  • Data protection management 
  • Risk management (data protection) 
  • Data breach management 
  • Stakeholder management 
  • Data protection audit and assurance 
  • Data governance 
  • Data sharing 
  • Data-driven design thinking 
  • Data ethics

The framework also sets out a training roadmap which identifies the courses necessary to help DP professionals achieve the next level of proficiency. The training roadmap is based on the three job functions and nine types of competencies outlined in the framework.

Reference materials

The following materials are available on the PDPC website www.pdpc.gov.sg:


Download PDF