APEC Cross Border Privacy Rules and Privacy Recognition for Processors Systems

Overview

The PDPA recognises the Asia Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) System and Privacy Recognition for Processors (PRP) System certifications as one of the modes for transfers of data overseas.

Based on a set of approved requirements developed under the APEC Privacy Framework, both systems establish a network of accountable organisations in participating APEC economies to facilitate trusted and seamless cross border flow of data in the digital economy. An overseas recipient that is CBPR- or PRP-certified is considered legally bound to provide comparable protection for the transferred personal data to the PDPA. Organisations in Singapore can easily transfer personal data to the overseas recipient without meeting additional requirements. 

APEC Cross Border Privacy Rules System

APEC CBPR Logo

The APEC CBPR System applies to organisations (data controllers) that control the collection, holding, processing, or use of personal data. The certification requires participating businesses to implement data privacy policies consistent with the APEC Privacy Framework and helps to bridge differing national privacy laws within the APEC region, reducing barriers to the flow of information for global trade. 

APEC Privacy Recognition For Processors System

APEC PRP Logo

The APEC PRP System was designed for organisations (data processors) who process data on behalf of client organisations (data controllers), to demonstrate their ability in providing effective implementation of a controller's privacy requirements. The certification provides assurance to data controllers that the processing of personal data is at least consistent with similar requirements under the APEC CBPR System. 

Both certifications would benefit organisations in the following ways:

  • Reduce cost and time with a single and consistent set of privacy standards that facilitates international data flows. 
  • Build trust and confidence by demonstrating a high-standard commitment to data protection among your business counterparts and customers.
  • Provide assurance to your organisation through third-party certification that improves and validates your data protection standards. 
  • Demonstrate good faith compliance to enforcement authorities.

Template contract clause for transfers of data to overseas recipients that hold CBPR or PRP certifications can be found here

The certification scheme is administered by the Info-communications Media Development Authority (IMDA). Find out more regarding the APEC CBPR System here and the APEC PRP System here.