FREQUENTLY ASKED QUESTIONS

DPOinBOX

  • 1. What is DPOinBOX?

    DPOinBOX is a platform that delivers data protection as a service (DPaaS) for organisations to build trust with their customers and stakeholders.
    DPOinBOX includes an all-in-one privacy management toolkit and an intelligent inbox that guide Data Protection Officers to:

    • Achieve operational compliance with PDPA and other data protection laws
    • Implement Data Protection/Privacy Management Programme
    • Demonstrate accountability to regulators
    Take advantage of the Basic DPOinBOX service for FREE today at DPOinBOX.com to start your PDPA compliance journey in a few simple steps.

    • 2. What is Straits Interactive's Data Protection-as-a-Service?

      It combines software-as-a-service with professional services, both delivered on the DPOinBOX platform.
      It does this by providing three roadmaps towards systematic and sustainable governance, risk management and compliance:

      • 1. Capability Roadmap for the Organisation
      • 2. Competency Roadmap for the DPO and Staff
      • 3. Consulting & Recommendations Roadmap

      Most of the privacy management solutions available in the market are SaaS-based software that:

      • Adopt a tactical and traditional approach to privacy management
      • Are aimed mainly at legal and compliance professionals
      • Assume the user already knows what to do in order to achieve compliance with data protection laws.

      DPOinBOX, on the other hand:

      • Approaches privacy management from a governance and life-cycle perspective with full oversight of all functions/departments that process personal data
      • Caters specifically for Data Protection Officers to focus on operational compliance, besides legal compliance with data protection laws
      • Not only provides a complete privacy management tool kit but also guides the DPO in the compliance journey through an intelligent inBox and a combination of capability, competency and consulting/recommendations roadmap.

    • 3. How does DPOinBOX specifically work?

      DPOinBOX helps your organization build customer and stakeholder trust easily through a systematic and proven approach drawn from hundreds of real-world customer engagements by our consultants. See illustration for more details.

    SERVICE PLANS

    • 1. What is DPOinBOX Basic Service Plan?

      DPOinBOX Basic Service is FREE and includes all the essential tools that modern DPOs (Data Protection Officers) need to run a robust personal data protection programme and stay accountable to regulators. It is optimized for organisations that have 20 employees and below. Key features include:

      • User Friendly Navigation – New user interface and help videos, designed from the ground up based on direct customer engagements, so that DPOs can self-manage and implement a personal data protection program across their organization.
      • Home Dashboard – A command centre, supported by an intelligent inbox engine that pushes relevant news, highlights urgent tasks, flags risks and assesses organizational readiness in personal data protection.
      • Identify Risks – Assess risks in compliance requirements, data inventory, business processes and view reports and action recommendations. Conduct data protection impact assessments (DPIA) for new business activities that handle customer data.
      • Manage Programme – Implement a strong personal data protection programme with an action plan guide and insightful risk management system. View policies you need and distribute them.
      • Sustain initiatives – Ensure competency and awareness across the organisation through e-Learning, quizzes and communication tracking.
      • Respond to Incidents and Requests – Manage any data protection incidents systematically and handle customers' requests regarding their personal data.
      DPOinBOX Basic Service accounts are free to use for life. For security reasons, the service comes with a data retention policy under which data will be cleaned after 90 days of login inactivity.
      More information can be found at DPOinBOX. The Basic Service plan can be upgraded to a paid service plan with features such as a governance structure with multiple department accounts, a risk heat map and more. See Question 7 for more details.

    • 3. I am new to Data Protection. Can I use DPOinBOX Basic Plan?

      Yes, you can. Although the basic edition was designed for 10 to 20 employees, this would give new data protection officers a good start in learning how to perform their role as a DPO. In a few simple steps you can create a data protection / privacy management programme for your organisation to help roll out and sustain operational compliance with your local data protection law. As you input your entries, DPOinBOX will generate analysis and recommended actions to assist you in your compliance journey.

    • 4. Which jurisdiction does DPOinBOX (Basic Plan) support?

      Currently, only Singapore's PDPA is supported. The basic version integrates the PDPA Assessment Tool for Organisations (PATO) from the Personal Data Protection Commission so that organisations can self-assess their compliance status. In addition, your data inventory will also be analysed according to the requirements of the PDPA.
      We will soon roll out versions that support other jurisdictions in the region like Malaysia, Philippines, and the European Union.

    • 5. Does DPOinBOX (Basic Plan) allow me to add custom entries?

      The Basic Plan does not currently allow you to add custom entries, for example, into the data inventory. You will need to upgrade to a Single Service plan to be able to do this, along with additional options, features and functionalities that will help add value to your role as a DPO.

    • 6. What are the other different service plans offered under Data Protection as a Service?

      The different service plans are categorized as user service plans or more detailed corporate service plans.

      User Service Plans

      • Single User Service Plan: Data Protection Officer of a small organization (less than 10-20 staff) looking to manage data protection compliance
      • Multi-User Service Plan: In-house DPO & governance team looking to manage data protection compliance across the organization

      Corporate Service Plans (Available in selected countries only)

      • DPO Hands-on Corporate Service Plan: DPO wanting to know about what and how to comply with data protection laws based on an operational perspective or for newly appointed DPOs (includes a single user service plan)
      • DPO In-house Compliance Corporate Service Plan: DPO wanting to implement a data protection management programme across the organisation guided by legal and certified privacy experts. (includes multi-user service plans)
      • DPO Managed Services: DPOs needing help/support in ensuring ongoing compliance and responding to a data breach. Service is only available to clients that have opted

    • 7. What are the benefits of each service plan? Which one should I choose based on my needs as a DPO?
      Single User Service Plan

      Subscribe to a single user service plan if you are a DPO of a small business (10 to 20 staff). The service provides a capability roadmap for your organisation that lets you identify risks, manage your data protection and privacy programme, sustain your compliance efforts as well as respond to both data subject requests and incidents.
      As you begin your compliance journey, DPOinBOX will analyse your entries and make recommendations as well as intelligent alerts to guide you along the way.
      In addition, the service lets you follow a competency roadmap to onboard new employees or train existing ones on what your policies and procedures are via e-learning.

      Multi User Service Plan

      Once you have followed the capability roadmap recommended in DPOinBOX, you can add additional users (departments and functions) to view and manage all gaps and compliance activities through a governance module, available only to those on a multi-user service plan.
      The governance module lets users identify risks; put in policies, procedures and controls; sustain compliance efforts as well as respond to both data subject requests and incidents within their own respective department and function.
      Besides enabling collaborative compliance across your organization, DPOinBOX provides you with multiple dashboards with an integrated view of all your identified risks; data inventory and flows; statuses and actions taken in your compliance journey.

      DPO Hands-on Corporate Service Plan

      Under this corporate service plan, you attend a scheduled three-day DPO Hands-on Workshop as a corporate participant to fulfill your roles and responsibilities as a DPO. The workshop will be 3 days over three weeks where you will do hands-on work relating to your organization's compliance with the data protection law. During the workshop, besides a specific curriculum, you will use DPOinBOX, guided by a certified data protection professional.

      Note that this service plan bundles a single user service plan (which will be charged annually) and a one-off (paid) hour of legal time with a lawyer, which you can use to get legal guidance after the course. (Depending on which country you are located in, there may be government funding available.) By the end of the workshop, you will have started your compliance journey and will know what needs to be done to complete it.

      DPO In-house Compliance Corporate Service Plan

      This corporate service plan caters for DPOs who require legal and operational guidance in order to ensure compliance with the data protection law across the organization.
      This service covers the following, with the objectives of helping the organization to achieve operational compliance, implement a data protection programme and demonstrate accountability to regulators:

      • A workshop with the DPO and an agreed number of participants from the governance/compliance committee, to be scheduled at the client's premises
      • Respective multi-user service plans
      • Identification of personal data risks across the organization
      • Follow-up sessions with participants on drafted policies and SOPs
      • Onsite support with a lead consultant and certified privacy practitioners
      • Paid legal guidance

      (Depending on which country you are located in, there may be government funding available.)

      All activities will be documented using the software-as-a-service modules included in the multi-user service plans, providing the DPO with a management dashboard to address and manage compliance gaps.

    ACCOUNT ACTIVATION, HELP AND COMPATIBILITY