APEC CBPR

The APEC CBPR System was developed by APEC economies to build consumer, business, and regulator trust in cross-border flows of personal data. The APEC CBPR System requires participating businesses to implement data privacy policies consistent with the APEC Privacy Framework and helps to bridge differing national privacy laws within the APEC region, reducing barriers to the flow of information for global trade.

The CBPR System applies to organizations (data controllers) that control the collection, holding, processing, or use of personal data and enables certified organizations across APEC economies to exchange personal data more seamlessly.

The APEC CBPR certification is based on the APEC Privacy Framework which features nine privacy principles: Accountability, Prevent Harm, Notice, Choice, Collection Limitation, Use of Personal Information, Integrity of Personal Information, Security Safeguards and Access and Correction. The framework was endorsed by 21 APEC economies to promote accountable and responsible transfers of personal information between the APEC economies.

Singapore recognizes the APEC CBPR and PRP certifications for overseas transfers of personal data under the PDPA. This means that organizations in Singapore can easily transfer personal data to the overseas certified recipient without meeting additional requirements.

Compliance Directory for CBPR can be found here