CIPL Q&A on Cross-Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) 2nd Edition

This document addresses some commonly asked questions about the APEC Cross-Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) systems.

The following questions are addressed in these FAQs:

1. What is APEC?
2. What are the APEC Cross-Border Privacy Rules (CBPR)?
3. Which APEC economies participate in the CBPR?
4. What is the APEC Privacy Recognition for Processors (PRP)?
5. How can companies become CBPR or PRP certified?
6. What are CBPR Program Requirements?
7. What is an “Accountability Agent”?
8. How do APEC economies join the CBPR and PRP systems?
9. Are the CBPR and PRP enforceable?
10. What is the APEC Cross-Border Privacy Enforcement Arrangement (CPEA)?
11. How do CBPR and PRP interact with domestic privacy laws?
12. What happens if companies don’t comply with their certification?
13. Why should companies seek CBPR or PRP certification?
14. How do CBPR help consumers?
15. How do CBPR help data protection authorities?
16. Can non-APEC economies join the CBPR and PRP systems?
17. Can companies based in non-APEC economies obtain CBPR and PRP certification?
18. Could there be interoperability between the CBPR and EU mechanisms like Binding Corporate Rules (BCR) and GDPR certifications?
19. Where can I find more information?

Download the Paper

Download Now