New cross-border certification system agreed by APEC - DAC Beachcroft

New cross-border certification system agreed by APEC's Tags

Tags related to this article

New cross-border certification system agreed by APEC

Published 3 February 2015

Further to the introduction of the Cross Border Privacy Rules (CBPR) system, a data privacy sub-committee of the Asia Pacific Economic Cooperation (APEC) has agreed a new cross-border certification system for data processors called the ‘APEC Privacy Recognition for Processors’ (the PRP).

The PRP enables processors to demonstrate to their controllers that they comply with the privacy obligation under the CBPR, and enables controllers to more easily select processors that will be able to sufficiently protect their data.

The PRP consists of 17 programme requirements that must be implemented by a processor, such implementation to be reviewed and validated by ‘Accountability Agents’.

The PRP will mean that the CBPR will now cover both processors and controllers, thus broadening its appeal. It is expected that the PRP will be launched in August 2015 and it is hoped that many more companies will now want to become certified under the scheme.

More information on APEC’s e-Commerce activities is available here.

What action could be taken to manage risks that may arise from this development?

None – for information only at this stage, but financial services companies who operate in Asia Pacific should consider whether they wish their processors to participate in the scheme.

Related Expertise

Cyber risk


Rhiannon Webster

Rhiannon Webster

London - Walbrook

+44 (0)20 7894 6577

Hans Allnutt

Hans Allnutt

London - Walbrook

+44 (0) 20 7894 6925

< Back to articles