28 March 2018

On 6 March 2018, the Personal Data Protection Commission (“PDPC”) announced that Singapore has become the sixth APEC economy to participate in the Cross-Border Privacy Rules System (“CBPR”) alongside USA, Mexico, Canada, Japan and the Republic of Korea, and the second APEC economy to participate in the Privacy Recognition for Processors System (“PRP”) alongside USA.

PDPC is developing the certification scheme and organisations can start applying for the CBPR (applicable to data controllers) and PRP (applicable to data processors) systems certification in 2019. Certified organisations in Singapore will then be able to exchange personal data with other certified organisations in participating APEC economies seamlessly. Consumers can also expect high standards of data protection in the cross-border transfer of their personal data.

The CBPR and PRP systems are multilateral certification mechanisms that require certified organisations to put in place data protection policies consistent with the APEC Privacy Framework. Together, the CPBR and PRP systems establish a harmonised set of data protection standards across the Asia-Pacific, facilitating data transfers for certified organisations across participating economies.

Reference materials

The following materials are available from the PDPC website www.pdpc.gov.sg:


Download PDF