APEC CBPR and PRP Privacy Certifications


Facilitate the compliant transfer of data among participating APEC economies

The Asia-Pacific Economic Cooperation (APEC) has designed the APEC Privacy Framework to provide an accountable approach to managing data privacy protection and the flow of personal information across borders.


Businesses can demonstrate their adherence to the APEC Privacy Framework by certifying their privacy practices to the following standards:

  • Cross Border Privacy Rules (CBPR) System – which governs “data controller” privacy practices
  • Privacy Recognition for Processors (PRP) System – which governs “data processor” privacy practices

TRUSTe, a subsidiary of TrustArc Inc, is a recognized Accountability Agent under the APEC CBPR and PRP Systems, able to certify your organization’s compliance with the APEC CBPR and PRP requirements.

TRUSTe’s APEC CBPR or PRP Certification

APEC CBPR for Data Controllers

For data controllers, the APEC CBPR Certification represents the requirements for businesses that control the collection, holding, processing, or use of personal data and that are interested in adhering to the voluntary framework to demonstrate its commitment to privacy.

APEC PRP for Data Processors

If your business operates as a data processor, the APEC PRP Certification represents the requirements you must meet in order to demonstrate your organization’s ability to assist data controllers in meeting relevant privacy compliance obligations.

Phases of Your APEC CBPR or PRP Certification

Assess Your Program’s Operations

Privacy assessments provide the information TRUSTe requires to understand and work with you to remediate compliance risks. Our expert team guides you through the process, utilizing our proven methodology and powerful technology.


Assessment Manager

Finalizing Your Certification

Based on the information gathered from the assessment, our team guides you through the remediation process, helping to ensure the required changes are completed.


Remediation Assistance

Rely on us to help you remediate gaps in your privacy programs and validate that your privacy statements accurately reflect your privacy practices and are consistent with applicable standards.


Letter of Attestation

As proof of TRUSTe Certification, an official Letter of Attestation can be shared with your business partners, providing your organization with competitive differentiation.



After completing the required changes, we authorize your use of the TRUSTe APEC CBPR or TRUSTe APEC PRP certification seal.

Ongoing Monitoring and Guidance

Searchable Audit Trail

All assessment work and supporting documentation is available in a searchable, central repository – providing a way to respond to inquiries and demonstrate compliance for internal/external audits.


Ongoing Monitoring and Guidance

Use our ongoing compliance monitoring throughout your certification term. Access privacy experts for ongoing policy guidance along with educational webinars, events, whitepapers, and research.


Dispute Resolution

Our third-party dispute resolution services efficiently manage privacy inquiries from customers and address dispute handling compliance requirements.


Speed up time to compliance

Instead of spending time building policies, procedures, and documents from scratch, use our tailored suite of Operational Templates designed to help you prepare for certification and to cross specific documentation requirements off your list.


Need more documentation for other regulatory or program requirements such as CCPA or LGPD? We have over 1,000 templates for all of your privacy needs.

Operational Templates

What is APEC?

APEC History

Established in 1989, APEC is a forum for 21 Pacific Rim member economies that promotes free trade throughout the region.



Member Economies

Members include all countries with a coastline along the Pacific Ocean, including China, Japan, and the United States.



GDP Coverage

The 21 APEC members represent over 40% of the world’s population and over 60% of global GDP.




U.S. Authority

FTC is the Privacy Enforcement Authority for the United States’ participation in the APEC CBPR and PRP systems. Contact here.


Certification with a Recognized Accountability Agent

TRUSTe, a subsidiary of TrustArc, was unanimously approved to be the first Accountability Agent to certify data transfer practices under the CBPR framework for data controllers and the APEC PRP framework for data processors.


View examples of APEC CBPR and APEC PRP Certified companies.




APEC CBPR Privacy Certification



APEC PRP Privacy Certification Datasheet


Enable protected global expansion through APEC privacy certifications