
Revised Data Analytics & Personal Data Protection Requirements for Pre-Approved Solutions

Enable Responsible Use of Data through Pre-Approved Solutions to Help SMEs Thrive in the Digital Economy

✓ Uplift SMEs’ digital competency by embedding data analytics and personal data protection features in digital solutions
✓ Better manage personal data protection risks with built-in measures
✓ Make it easy for SMEs to analyse data to improve business outcomes with the dashboards and visualization features

Revised Data Analytics & Personal Data Protection Requirements

MANDATORY for all digital solutions to comply with the Data Analytics and Personal Data Protection requirements by 30 Nov 2024 to be eligible for pre-approval under SMEs Go Digital team.

Have you completed the Declaration on Data Analytics and Personal Data Protection Requirements in SMEGD Pre-Approval? (https://go.gov.sg/dapdpdeclaration)

Data Analytics (For all digital solutions)
• Does your digital solution come with one or more dashboards that provide an at-a-glance overview of charts/indicators to help users analyse data?
• Does your digital solution allow users to perform cross-filtering* on the dashboard(s) to analyse real-time data and generate insights to make informed decisions?
Note: Cross-filtering allows users to interact with one chart and apply that interaction as a filter to other charts on the dashboard. It can help users understand how different parts of the data are related.

Personal Data Protection (For digital solutions with personal data)
• Does your digital solution collect, use, disclose, process or dispose personal data?
Note: Solutions with personal data shall incorporate features that support the obligations under the Personal Data Protection Act (2020).

Personal Data Protection (For digital solutions with personal data)

(1) Does your digital solution have features to capture consent given by the individual after notifying the individual on the purposes for the collection, use and disclosure of personal data?

(2) Does your digital solution have features that allow for access, update or correction of an individual's personal data?

(3) Does your digital solution have features to set retention periods for the personal data and flag out records which have reached the end of their retention period?

(4) Does your digital solution incorporate encryption of personal data both for data in transit (e.g. TLS) and at rest (e.g. data stored on the servers)?

(5) Does your digital solution incorporate 2-Factor Authentication (2FA)/Multi-Factor Authentication (MFA) to ensure that only authorised users can access the personal data?

(6) Does your digital solution include backup features to perform regular and automated backup to another location separate from the operating environment, such as cloud backup?
Who Needs to Submit the Declaration

1. Existing pre-approved digital solution that is still ACTIVE after 1 Dec 2024
   Note: Please indicate the LOA number for the existing pre-approved solution

2. Re-application of existing pre-approved digital solution that’s expiring before 1 Dec 2024, e.g. re-application of solution expired in Oct 2024
   Note: Please indicate the LOA number for the existing pre-approved solution

3. Application for NEW or EXPIRED pre-approved digital solution

Data Analytics Requirement

(1) Does your digital solution come with one or more dashboards that provide an at-a-glance overview of charts/indicators to help users analyse data?

Example
An operational dashboard to help users analyse their organisation’s sales patterns for insights on:
• Top-selling and least popular products
• Popular product combinations
• Sales performance over different channels
• Seasonal/event-based sales patterns

What do you need to provide?
✓ Screenshots of all dashboards in your digital solution, with a brief description on the objective/purpose of each dashboard
✓ Save the document in zip, gif or PDF format to reduce file size

Data Analytics Requirement

(2) Does your digital solution allow users to perform cross-filtering* on the dashboard(s) to analyse real-time data and generate insights to make informed decisions?
Note: Cross-filtering allows users to interact with one chart and apply that interaction as a filter to other charts on the dashboard. It can help users understand how different parts of the data are related.

Example
Users may use “store type” and “sales variance” to cross-filter the charts/indicators on this dashboard to analyse the sales performance of each store.

What do you need to provide?
✓ Screenshots of all dashboards in your digital solution with a brief description on the list of indicators that can be used to perform cross-filtering on each dashboard
✓ Save the document in zip, gif or PDF (if the cross-filtering feature can be sighted easily) format to reduce file size
IMDA’s Better Data-Driven Business (BDDB) Programme
Help SMEs use data to derive near-term business value and be confident about using data

Offers a free Business Intelligence (BI) tool to help SMEs analyse data and generate insights to address common business objectives

✓ 10 pre-defined sets of data template and dashboards designed to meet the diverse needs of B2B and B2C SMEs
✓ Developed in consultation with SMEs

Leverage IMDA’s BDDB BI Tool to Build/Refine your Digital Solution’s Dashboard(s)

BI Tool for B2B SMEs (New! Launched in Dec 2023)
https://go.gov.sg/imdab2bbitool
1) Boost Product Sales and Grow Demand through Distributors
2) Know Your Clients/Distributors
3) Minimise Costs and Price Competitively
4) Innovate and Diversify Products
5) Improve HR Planning*

BI Tool for B2C SMEs (Launched in Sep 2021)
https://go.gov.sg/bddb-allbo
1) Boost Product Sales
2) Acquire New Customers
3) Retain and Engage Customers
4) Lower Inventory Costs
5) Improve HR Planning*

Collection, Use and Protection of Personal Data

“Personal data” refers to data about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access.

Collection:
• Customer Information
• Enrolment Forms (Membership, Loyalty)
• Employee Records
• Membership Forms
• Visitor Registration

Examples of USES:
✓ Transaction / Payment
✓ Customer Service
✓ Marketing
✓ Employment
✓ Records & Audit
✓ Visitor Management

Examples of PROTECTION:
✓ Access Control
✓ Backup
✓ Encryption
✓ Multi-Factor Authentication
✓ Password

Personal Data Protection Requirement

(1) Does your digital solution have features to capture consent given by the individual after notifying the individual on the purposes for the collection, use and disclosure of personal data?

The examples outline possible ways to implement this requirement, but they are not exhaustive
• Users can create consent forms and customise communication preferences, privacy policy and obtain consent from the individual through the solution, or create and send an email to the individual with the consent form link
• Users can update consent details manually in the solution when consent is obtained through portal/solution, during a call or in person.
• Functions e.g. portal to allow individuals to update their consent (i.e. opt-out marketing materials) directly through the solution.

What do you need to provide?
✓ Screenshots of feature in your digital solution, with a brief description on the objective/purpose of each feature
✓ Save the document in PDF format to reduce file size

Personal Data Protection Requirement

(2) Does your digital solution have features that allow for access, update or correction of an individual's personal data?

The examples outline possible ways to implement this requirement, but they are not exhaustive
• Users can update individual records in response to data requests received through portal/solution or manually e.g. email, through call, or in person.
• Functions e.g. portal for individuals to submit their data requests or update their personal data directly through the solution.

What do you need to provide?
✓ Screenshots of feature in your digital solution, with a brief description on the objective/purpose of each feature
✓ Save the document in PDF format to reduce file size

Personal Data Protection Requirement

(3) Does your digital solution have features to set retention periods for the personal data and flag out records which have reached the end of their retention period?

The examples outline possible ways to implement this requirement, but they are not exhaustive
• Users can set a default and/or configure specific retention periods for individual records, different types of records or data categories within the system and can choose to automatically/manually purge the data when the retention period expires.
• Automated notifications are sent when personal data records reach the preset retention period, or via manual search when users select the retention due date.

What do you need to provide?
✓ Screenshots of feature in your digital solution, with a brief description on the objective/purpose of each feature
✓ Save the document in PDF format to reduce file size

Personal Data Protection Requirement

(4) Does your digital solution incorporate encryption of personal data both for data in transit (e.g. TLS) and at rest (e.g. data stored on the servers)?

The examples outline possible ways to implement this requirement, but they are not exhaustive
• Use encryption (e.g. TLS) to encrypt data transmitted between a user's device (client) and the server.
• Personal data stored in databases are encrypted at rest.
• Encryption of all files containing personal data, whether they are stored on servers, cloud storage, or other storage systems.
• Secure data transfer protocols are used for transferring files or data between different systems.

What do you need to provide?
✓ Screenshots of feature in your digital solution, with a brief description on the objective/purpose of each feature
✓ Save the document in PDF format to reduce file size

Personal Data Protection Requirement

(5) Does your digital solution incorporate 2-Factor Authentication (2FA)/Multi-Factor Authentication (MFA) to ensure that only authorised users can access the personal data?

The examples outline possible ways to implement this requirement, but they are not exhaustive
• Provision of 2FA/MFA feature with at least two forms of authentication, such as combining a password with a one-time code sent to a registered device for enhanced security.
• Users can enable 2FA/MFA to secure high-risk transactions, such as large-scale data transfers.
• Use of one-time password (“OTP”) or 2FA/MFA for administrator accounts or accounts with access to large volumes of personal data or personal data of a confidential or sensitive nature (financial or health records)

What do you need to provide?
✓ Screenshots of feature in your digital solution, with a brief description on the objective/purpose of each feature
✓ Save the document in PDF format to reduce file size

Personal Data Protection Requirement

(6) Does your digital solution include backup features to perform regular and automated backup to another location separate from the operating environment, such as cloud backup?

The examples outline possible ways to implement this requirement, but they are not exhaustive
• Users can configure how often backups occur and how long the backup data is retained.
• Option to store backups in offsite locations e.g. cloud storage services.
• Keep multiple versions of backed-up data to allow users to select the desired restore point.
• Allow users to schedule regular automated backups at specified intervals, such as daily, weekly, or monthly etc.

What do you need to provide?
✓ Screenshots of feature in your digital solution, with a brief description on the objective/purpose of each feature
✓ Save the document in PDF format to reduce file size

What You Need to Do – Declaration & Validation Process

1. Visit https://go.gov.sg/dapdpdeclaration to view the list of mandatory data analytics and personal data protection requirements
   Note: Your digital solution does not need to meet the personal data protection requirements if it does not collect, use, disclose, process or dispose personal data.

2. Prepare and submit the supporting documents e.g., images/screenshots, write-up, etc. via the online declaration form

3. IMDA will require about 2 to 4 weeks to review and validate your submission

4. Attach IMDA’s email confirmation in your application to SMEs Go Digital team

Note: Meeting all personal data requirements does not mean that your digital solution is PDPA-compliant.

Should you have any queries, please write in to smes_go_digital@imda.gov.sg.
