APEC CBPR and PRP Privacy Certifications
Facilitate the compliant transfer of data among participating APEC economies
The Asia-Pacific Economic Cooperation (APEC) has designed the APEC Privacy Framework to provide an accountable approach to managing data privacy protection and the flow of personal information across borders.
Businesses can demonstrate their adherence to the APEC Privacy Framework by certifying their privacy practices to the following standards:
- Cross Border Privacy Rules (CBPR) System – which governs “data controller” privacy practices
- Privacy Recognition for Processors (PRP) System – which governs “data processor” privacy practices
TRUSTe, a subsidiary of TrustArc Inc, is a recognized Accountability Agent under the APEC CBPR and PRP Systems, able to certify your organization’s compliance with the APEC CBPR and PRP requirements.
TRUSTe’s APEC CBPR or PRP Certification
APEC CBPR for Data Controllers
For data controllers, the APEC CBPR Certification represents the requirements for businesses that control the collection, holding, processing, or use of personal data and that are interested in adhering to the voluntary framework to demonstrate its commitment to privacy.
APEC PRP for Data Processors
If your business operates as a data processor, the APEC PRP Certification represents the requirements you must meet in order to demonstrate your organization’s ability to assist data controllers in meeting relevant privacy compliance obligations.
Phases of Your APEC CBPR or PRP Certification
Assess Your Program’s Operations
Privacy assessments provide the information TRUSTe requires to understand and work with you to remediate compliance risks. Our expert team guides you through the process, utilizing our proven methodology and powerful technology.
Finalizing Your Certification
Based on the information gathered from the assessment, our team guides you through the remediation process, helping to ensure the required changes are completed.
Rely on us to help you remediate gaps in your privacy programs and validate that your privacy statements accurately reflect your privacy practices and are consistent with applicable standards.
Letter of Attestation
As proof of TRUSTe Certification, an official Letter of Attestation can be shared with your business partners, providing your organization with competitive differentiation.
TRUSTe APEC Seal
After completing the required changes, we authorize your use of the TRUSTe APEC CBPR or TRUSTe APEC PRP certification seal.
Ongoing Monitoring and Guidance
Searchable Audit Trail
All assessment work and supporting documentation is available in a searchable, central repository – providing a way to respond to inquiries and demonstrate compliance for internal/external audits.
Ongoing Monitoring and Guidance
Use our ongoing compliance monitoring throughout your certification term. Access privacy experts for ongoing policy guidance along with educational webinars, events, whitepapers, and research.
Our third-party dispute resolution services efficiently manage privacy inquiries from customers and address dispute handling compliance requirements.
Speed up time to compliance
Instead of spending time building policies, procedures, and documents from scratch, use our tailored suite of Operational Templates designed to help you prepare for certification and to cross specific documentation requirements off your list.
Need more documentation for other regulatory or program requirements such as CCPA or LGPD? We have over 1,000 templates for all of your privacy needs.
What is APEC?
Established in 1989, APEC is a forum for 21 Pacific Rim member economies that promotes free trade throughout the region.
Members include all countries with a coastline along the Pacific Ocean, including China, Japan, and the United States.
The 21 APEC members represent over 40% of the world’s population and over 60% of global GDP.
FTC is the Privacy Enforcement Authority for the United States’ participation in the APEC CBPR and PRP systems. Contact here.
Certification with a Recognized Accountability Agent
TRUSTe, a subsidiary of TrustArc, was unanimously approved to be the first Accountability Agent to certify data transfer practices under the CBPR framework for data controllers and the APEC PRP framework for data processors.
View examples of APEC CBPR and APEC PRP Certified companies.