Guidelines on Competency and Training of Data Protection Officer and Development and Training Roadmap Launched
04 August 2025
- The regulator’s expectations for DPOs in the six core areas that a DPO is responsible for when supporting its organisation’s compliance with personal data protection requirements. These six areas, as outlined in the earlier issued Appointment of Data Protection Officer Guidelines, are: advisory and support, risk management and assessment, compliance oversight and monitoring, audit and reporting, communications and stakeholder engagement, and regulatory and data subject management.
- The knowledge, skill, and abilities expected of DPOs in each core area.
For organisations who have yet to appoint a DPO, note that the DPO Competency Guidelines state that DPOs may demonstrate their ability to meet the competencies through:
- the DPO’s individual expertise and capabilities;
- support from an internal DPO team or organisational resources; and/or
- external support by engaging third-party experts for specific areas of competency.
DPO Training Provider Guidelines
The DPO Training Provider Guidelines outline the regulator’s expectations for DPO training providers and provide a prospective framework for the formal recognition and oversight of such providers. Among others, the DPO Training Provider Guidelines set out the core elements that training programmes provided by training providers should cover, such as legal and regulatory knowledge, operational and risk awareness, and scope of responsibilities.
Whilst the DPO Training Provider Guidelines do not yet provide for a means of formal recognition/ certification of training providers, it states that the Commissioner may choose to introduce such a formal recognition/ certification framework in the future.
DPO Training Roadmap
The DPO Training Roadmap sets out a prospective development pathway and training roadmap to support the development of appointed DPOs. Although the Roadmap does not yet introduce a formal recognition/ certification framework for DPOs, it states that such a framework may be implemented in the future, and sets out guidance as to what such a framework may encompass.
Comments
These new Guidelines and Roadmap provide additional guidance to complement the recently introduced requirement to appoint a DPO, and organisations are advised to take note of the same.
| Skrine offers a 1-day DPO Intensive Training specifically designed to equip internally appointed DPOs with practical knowledge of the core principles and obligations under the PDPA. For more information or to register, please contact Jillian Chia at jc@skrine.com. |
For further information, please contact Jillian Chia (Head/Partner), Natalie Lim (Partner) and Charmayne Ong (Partner) of the Personal Data Protection Practice of Skrine.
This article/alert contains general information only. It does not constitute legal advice nor an expression of legal opinion and should not be relied upon as such. For further information, kindly contact skrine@skrine.com.