APEC Cross Border Privacy Rules and Privacy Recognition for Processors Systems Certification

The Personal Data Protection Act (PDPA) recognises the Asia Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) System and Privacy Recognition for Processors (PRP) System certifications as one of the modes for transfers of data overseas. 

Based on a set of approved requirements developed under the APEC Privacy Framework, both systems establish a network of accountable organisations in participating APEC economies to facilitate trusted and seamless cross border flow of data in the digital economy. An overseas recipient that is CBPR- or PRP-certified is considered legally bound to provide comparable protection for the transferred personal data to the PDPA. Organisations in Singapore can easily transfer personal data to the overseas recipient without meeting additional requirements. 

What is APEC Cross Border Privacy Rules System (APEC – CBPR)? 

The CBPR System was endorsed by APEC to facilitate personal data flows among APEC economies, and to demonstrate accountability in data protection. The APEC CBPR System applies to organisations (data controllers) that control the collection, holding, processing, or use of personal data. The certification requires participating businesses to implement data privacy policies consistent with the APEC Privacy Framework and helps to bridge differing national privacy laws within the APEC region, reducing barriers to the flow of information for global trade. 

CBPR certification is based on 9 privacy principles from the APEC Privacy Framework which was endorsed to promote accountable and responsible transfers of personal information:  

1. Accountability,  

2. Prevent harm, 

3. Notice,  

4. Choice, 

5. Collection limitation,  

6. Use of personal information, 

7. Integrity of personal information,  

8. Security safeguards, 

9. Access and correction.  

What is APEC Privacy Recognition for Processors System (APEC - PRP)? 

The APEC PRP System was designed for organisations (data processors) who process data on behalf of client organisations (data controllers), to demonstrate their ability in providing effective implementation of a controller's privacy requirements. The certification provides assurance to data controllers that the processing of personal data is at least consistent with similar requirements under the APEC CBPR System.  

PRP certification is based on 2 key principles from APEC Privacy Framework: 

1. Security safeguards, 

2. Accountability. 

Assessment Process for APEC CBPR/ PRP Certification 

_{Note: The process may take approximately 7 – 10 months.}  

_{For more details on DPTM certification, please contact Ms. Chris Lim, Sales Manager at chris@socotec.com.}  

Benefits of APEC Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processors Systems (PRP) 

1. Reduce cost and time with a single and consistent set of privacy standards that facilitates international data flows and protection, 

2. Build trust and confidence by demonstrating commitment to data protection,  

3. Demonstrate to compliance of data protection to authorities, 

4. Assurance through third-party certification for validation of data protection systems. 

Why get audited with SOCOTEC Certification Singapore? 

SOCOTEC Certification Singapore has conducted audits since 1994 for various schemes and our auditors are qualified for various standards with national and international accreditations, therefore, we are pleased to extend our value-added audit services as well as other relevant international or national accredited management systems certification to you.