TRUSTe APEC CBPR and PRP Privacy Certifications

Demonstrate privacy compliance with TRUSTe APEC Cross-Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) Certifications.

The Asia-Pacific Economic Cooperation (APEC) CBPR framework is a voluntary, enforceable program designed to ensure the continued free flow of personal information across APEC member economy borders, while establishing meaningful protection for the privacy and security of personal information. It is the first framework approved for the transfer of personal data between all APEC member countries, with the U.S. being the first formal participant and the Federal Trade Commission (FTC) serving as the first enforcement authority.

APEC CBPR and PRP Certification

TRUSTe is an Accountability Agent approved to certify data transfer practices under the APEC Cross-Border Privacy Rules (CBPR) framework for data controllers, and the APEC Privacy Recognition for Processors (PRP) framework for data processors.

To view examples of APEC CBPR and APEC PRP Certified companies click here.

TRUSTe Certifications are conducted in three phases:

Assessment Phase

Privacy Assessments provide the information required to understand and remediate compliance risks. An experienced member of our Global Privacy Solutions team guides you through the process, utilizing our proven methodology and powerful technology.

Privacy Review

The first step is to define the assessment scope by business units, product/service lines, and digital properties (websites, apps, cloud platforms). A member of our Global Privacy Solutions team works with your team to efficiently guide discovery of necessary information, including relevant data flows and evaluation of your privacy policies and practices against relevant standards.

Findings Report

A findings report is delivered which includes a gap analysis, risk summary and remediation recommendations. The report outlines actionable steps required to achieve compliance.

TrustArc Assessment Manager Desktop

Certification Process

Based on the information gleaned from the assessment, the Global Privacy Solutions team guides you through the remediation process, helping to ensure required changes are completed.

Remediation Assistance

Rely on us to help you remediate gaps in your privacy programs, and validate that your privacy statements reflect your privacy practices and are consistent with applicable standards.

Letter of Attestation

As proof of TRUSTe Certification, an official Letter of Attestation can be shared with your business partners, providing your organization with competitive differentiation.


After completing the required changes, we authorize your use of the TRUSTe APEC certification seal.

Ongoing Monitoring and Guidance Phase

Searchable Audit Trail

All assessment work and supporting documentation is available in a searchable, central repository – providing a way to respond to inquiries and demonstrate compliance for internal / external audits.

Dispute Resolution

Access to our third-party dispute resolution service, which helps efficiently manage privacy inquiries from customers and addresses dispute handling compliance requirements.

Ongoing Monitoring and Guidance

Ongoing compliance monitoring is provided throughout the term of the agreement. Access to privacy experts is provided for ongoing policy guidance along with educational webinars, events, whitepapers, client advisories, privacy tips and research.

TRUSTe Privacy Feedback Button

External demonstration to consumers, business partners and regulators showing that your company uses TrustArc technology and tools to manage privacy-related questions or concerns. The Privacy Feedback Button may be placed on your digital Privacy Policy page, linking to a mechanism for consumers to submit questions or feedback.

For more information on the certification standards applicable to the APEC CBPR Certifications, please see here.

To view TRUSTe’s APEC CBPR and PRP accountability agent participation document, please see here.

To see all TRUSTe Certifications and Assurance Services, visit Demonstrate Compliance.

What is APEC?

APEC stands for the Asia-Pacific Economic Cooperation. Established in 1989, APEC is a forum for 21 Pacific Rim member economies that promotes free trade throughout the Asia-Pacific region. Members include all countries that have a coastline along the Pacific Ocean, including China, Japan, and the United States. The criterion for membership is that the member is a “separate economy”, rather than a country – which expands coverage and extends membership to economic regions such as Taiwan and Hong Kong. The 21 APEC members represent over 40% of the world’s population and over 60% of global GDP. APEC has instituted a wide range of programs to help promote free trade across the region, including developing the APEC Privacy Framework which is designed to provide an accountable approach to managing data privacy protection and the flow of personal information across borders. Businesses can demonstrate their adherence to the APEC Privacy Framework by certifying their privacy practices to the following standards: Cross Border Privacy Rules (CBPR) System – which governs “data controller” privacy practices; or Privacy Recognition for Processors (PRP) System – which governs “data processor” privacy practices. The Federal Trade Commission is the Privacy Enforcement Authority for the United States’ participation in the APEC CBPR and PRP systems and may be contacted here.

Click here to review the APEC CBPR Certification Program Requirements.

Click here to review the APEC PRP Certification Program Requirements.


APEC CBPR Privacy Certification Datasheet
APEC PRP Privacy Certification Datasheet
Enable safe global business expansion through APEC privacy-compliant data transfers.