For full functionality of this site it is necessary to enable JavaScript. Here are the instructions how to enable JavaScript in your web browser.

For Business

The ability to transfer information across country borders is a fundamental tool for business in the global economy. This can be particularly challenging as privacy laws differ from country to country, including some countries with significant transfer restrictions on personal information collected for normal business purposes. The APEC Cross Border Privacy Rules (CBPR) System helps bridge those differences by providing a single framework for the exchange of personal information among participating economies in the APEC region. 

There are currently six participating APEC CBPR System economies: USA, Mexico, Japan, Canada, Singapore, and the Republic of Korea with more expected to join soon. Additionally, the APEC Electronic Commerce Steering Group (ECSG) and the EU Article 29 Working Party have produced a common referential for the requirements of the APEC CBPR system and the EU Binding Corporate Rules. Further, the ECSG and the European Commission met in August 2017 to begin discussions on recognizing the CBPR System as a certification under the EU's General Data Protection Regulation.  

Only organizations currently certified by an APEC-recognized Accountability Agent may display a seal, trustmark, or otherwise claim to participate in the CBPR System. False representations of CBPR system participation may subject the organization to applicable law enforcement action.

How can the APEC CBPR System help your business?
The APEC CBPR System bridges differing national privacy laws within the APEC region, reducing barriers to the flow of information for global trade. Also, by promoting your business' adherence to an enforceable standard of best practices, you can demonstrate your commitment to consumer privacy.   


Interested in becoming APEC CBPR certified?
APEC CBPR certifications are conducted by APEC CBPR system recognised Accountability Agents, which certify that organisations comply with the CBPR Program Requirements. In the process, Accountability Agents will use either the CBPR Intake Questionnaire OR, if it is using its own approved procedures, another intake document. 

To be APEC CBPR certified, your company (or other entity) must be subject to the laws of one or more APEC CBPR System participating economies. There must also be at least one Accountability Agent offering its services in your participating economy or economies. There are currently six participating APEC economies: USA, Mexico, Japan, Canada, Singapore, and the Republic of Korea.

How can personal information processors demonstrate their accountability?
The APEC Cross Border Privacy Rules (CBPR) System, finalised in 2011, only applies to personal information controllers ("controllers"), as the APEC Privacy Framework (the Framework), pursuant to which the CBPR System was created, also applies only to controllers.
The Privacy Recognition for Processors (PRP) is designed to help personal information processors ("processors") demonstrate their ability to assist controllers in complying with relevant privacy obligations. The PRP also helps controllers identify qualified and accountable processors. The PRP intake questionnaire sets forth the baseline requirements of the PRP against which an APEC-recognised Accountability Agent will assess a processor seeking recognition. To receive such recognition, the processor must meet this set of requirements.
The PRP system was endorsed by APEC in February 2015. For more information about this System, please see the Purpose and Background document.

*The CBPR System covers transfer of information from CBPR-certified companies in participating economies, including onward transfers aligned with the company's privacy practices. Please note, companies may be subject to additional laws and regulations varying by economy.