APEC Cross-Border Privacy Rules (CBPR) System
The APEC Cross-Border Privacy Rules (CBPR) System is a voluntary accountability-based framework for facilitating cross-border data flows among APEC economies while protecting personal information. Participating companies self-certify compliance with programme requirements, verified by APEC-recognised accountability agents. Based on the APEC Privacy Framework. Participating economies include US, Japan, Canada, South Korea, Australia, Singapore, and others. Being transitioned to the Global CBPR Forum.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (17)
Certification
| Code | Title |
|---|---|
| CBPR-10 | Accountability |
| CBPR-11 | Preventing Harm |
Complaints
| Code | Title |
|---|---|
| CBPR-12 | Privacy Recognition for Processors (PRP) |
Consent
| Code | Title |
|---|---|
| CBPR-04 | Choice |
Data Minimization
| Code | Title |
|---|---|
| CBPR-02 | Collection Limitation |
Data Quality
| Code | Title |
|---|---|
| CBPR-05 | Integrity of Personal Information |
Documentation
| Code | Title |
|---|---|
| CBPR-17 | Records of Processing and Documentation |
Governance
| Code | Title |
|---|---|
| CBPR-08 | Accountability |
| CBPR-18 | Global CBPR Forum Alignment |
Incident
| Code | Title |
|---|---|
| CBPR-16 | Regulator Cooperation and Enforcement |
Individual Rights
| Code | Title |
|---|---|
| CBPR-07 | Access and Correction |
Lifecycle
| Code | Title |
|---|---|
| CBPR-20 | Recertification and Monitoring |
People
| Code | Title |
|---|---|
| CBPR-15 | Recertification and Continuous Monitoring |
Purpose Limitation
| Code | Title |
|---|---|
| CBPR-03 | Uses of Personal Information |
Risk
| Code | Title |
|---|---|
| CBPR-09 | Preventing Harm |
Security
| Code | Title |
|---|---|
| CBPR-06 | Security Safeguards |
Third Party
| Code | Title |
|---|---|
| CBPR-19 | Vendor Management |
Transfers
| Code | Title |
|---|---|
| CBPR-13 | Cross-Border Transfer Safeguards |
| CBPR-14 | Complaint Handling and Redress |
Transparency
| Code | Title |
|---|---|
| CBPR-01 | Notice |
Maps to 1 other framework
Frequently Asked Questions
What is APEC Cross-Border Privacy Rules (CBPR) System?
APEC Cross-Border Privacy Rules (CBPR) System is a compliance framework from Asia-Pacific (APEC) with 17 domains and 20 controls. The APEC Cross-Border Privacy Rules (CBPR) System is a voluntary accountability-based framework for facilitating cross-border data flows among APEC economies while protecting personal information. Participating companies self-certify compliance with programme requirements, verified by APEC-recognised accountability agents. Based on the APEC Privacy Framework. Participating economies include US, Japan, Canada, South Korea, Australia, Singapore, and others. Being transitioned to the Global CBPR Forum. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does APEC Cross-Border Privacy Rules (CBPR) System have?
APEC Cross-Border Privacy Rules (CBPR) System has 20 controls organised across 17 domains. The largest domains are Certification (2 controls), Governance (2 controls), Transfers (2 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does APEC Cross-Border Privacy Rules (CBPR) System map to?
APEC Cross-Border Privacy Rules (CBPR) System maps to 1 other compliance frameworks. The top mapping partners are GDPR (50% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with APEC Cross-Border Privacy Rules (CBPR) System compliance?
Start your APEC Cross-Border Privacy Rules (CBPR) System compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about APEC Cross-Border Privacy Rules (CBPR) System requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 20 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required