The world of data privacy is moving fast, and staying ahead of international transfer requirements is more critical than ever. Recently, the Global Forum Assembly (GFA) released significant updates to the Global Cross-Border Privacy Rules (CBPR) Program Requirements (PR).
As a long-time leader in privacy certification, TrustArc is excited to welcome these changes, which are designed to make global data interoperability stronger and more reliable.
Why These Updates Matter
Since the Global CBPR System launched in 2025, it has continued to evolve to meet the challenges of our complex global data ecosystem. The latest update expands the framework from 50 to 57 Program Requirements, while also updating three existing standards.
These updates reflect the continued evolution of the Global CBPR System as a trusted privacy framework enabling data protection and cross-border data transfers across participating Member jurisdictions. These include its Members: Australia, Canada, Chinese Taipei, Japan, Mexico, the Philippines, the Republic of Korea (South Korea), Singapore, the United States, and the Dubai International Financial Centre (DIFC). Its Associate Members include: Bermuda, Nigeria, Mauritius, and the United Kingdom.
These changes focus on three core pillars: preventing harm, strengthening individual choice, and increasing organizational accountability.
Key Changes at a Glance
The updated System PRs introduce several enhanced measures that organizations must implement:
- Preventing Harm: New requirements focus on stronger protections for sensitive and children’s data. Organizations must now conduct formal risk assessments, implement mitigation procedures, and follow strict breach notification obligations for impacted individuals.
- Enhanced Choice: Individuals must be given clearer options for direct marketing. Companies are now required to document these preferences and provide easy mechanisms for individuals to withdraw consent.
- Greater Accountability: Organizations must maintain detailed records of processing activities. Additionally, there is a new emphasis on expertise; those responsible for privacy programs must possess appropriate professional qualifications.
Navigating the New Landscape with TrustArc
With nearly 30 years of experience, TrustArc was the first government-approved Accountability Agent for CBPR. Through our TRUSTe certification offerings, we help organizations navigate these government-backed international data transfer tools with confidence.
“The updates strengthen harm prevention, choice, and accountability for individuals while providing participating organizations a reliable and efficient framework to transfer data responsibly across borders.”
Noël Luke, Chief Assurance Officer at TrustArc
Whether you are looking to certify a new program or update an existing one, we are committed to helping you understand and adopt these new requirements. In an era of AI and rapid regulatory shifts, demonstrating compliance and building trust with regulators and consumers is no longer optional – it’s a competitive advantage.
Is your global data transfer strategy ready for 2026?
Elevate your brand’s international credibility by mastering the latest evolution in data privacy through TrustArc’s Global CBPR and PRP certifications.
Learn More About Global CBPR
