APEC Privacy Recognition for Processors (PRP) Certification

Plug into more global business opportunities.  These certifications facilitate how your business can seamlessly exchange personal data across APEC member economies while respecting privacy and security.


The APEC Privacy Recognition for Processors (PRP) System Singapore logo

The APEC Privacy Recognition for Processors (PRP) System was designed for organisations (data processors) who process data on behalf of client organisations (data controllers), to demonstrate their ability in providing effective implementation of a controller’s privacy requirements. The PRP certification is based on 2 of the 9 principles of APEC Privacy Framework: Security Safeguards and Accountability.

Singapore recognises the APEC CBPR and PRP certifications for overseas transfers of personal data under the PDPA. This means that organisations in Singapore can easily transfer personal data to the overseas certified recipient without meeting additional requirements.

  • Template contract clause for transfers of data to overseas recipients that hold CBPR or PRP certifications can be found here
  • Learn about the announcement here

The directory of PRP-certified organisations can be found here.

To learn more:

Who can apply?

To be eligible, your organisation must be subject to the laws of Singapore. 

Interested organisations (also known as data intermediaries) who process data on behalf of the data controllers can apply for APEC PRP. They should be either (1) formed or recognised under the laws of Singapore, or (2) resident, or having an office or a place of business, in Singapore, and in any case, not a public agency (as defined in the Personal Data Protection Act 2012). 

Upon submission of the application, the Applicant Organisation is bound by the Terms of Agreement (758.72KB) of the APEC PRP.

To apply, click here.

Certification Costs

Application fee of S$535 (inclusive of GST) is payable to IMDA.

Assessment fee, payable to the Assessment Body, ranges and depends on the size of the organisation (e.g. annual sales turnover, no. of sites, etc) and the Assessment Body you engaged. Please approach the Assessment Bodies listed in this website for a quotation to confirm the actual fee.

To encourage organisations to take up more than one certification (i.e. DPTM, CBPR and PRP), one application fee of S$535 (inclusive of GST) is payable to IMDA when organisations apply for multiple certifications in a single application process.

Assessment Body

The Assessment Body (AB) acts as an independent body to assess that an organisation’s data protection practices conform to the APEC PRP requirements. An organisation may select any of the following seven ABs:

Assessment Body Contact Person Contact No Email
BSI Group Singapore Stella Kong 6270 0777 DPTM@bsigroup.com
EPI Certification Pte Ltd May Cheow 8823 3347 Audit-support@epi-certification.com
Guardian Independent Certification Pte Ltd
Baljit Singh 6742 3075 / 8268 4464 baljit.singh@gicgrp.com
ISOCert Pte Ltd

Saju S Pillai

9105 4718


Jean Poh

9475 5120 / 6659 0810


Setsco Services Pte Ltd Dixon Ng 9795 9875 / 6895 0650 ngds@setsco.com
Laura Koh 6895 0659 laurakoh@setsco.com
SOCOTEC Certification Singapore Pte Ltd
Chris Lim (Ms) 6299 9001 / 6499 4707 chris@socotec.com
TUV SUD PSB Pte Ltd Erichsen Soong 8777 5844 dp_trustmark@tuvsud.com
Edmund Gan
6973 6764

For more information on how to be an assessment body, please refer to our information kit (324.47KB).

PRP Certification Requirements and Support Details

The PRP certification is based on the APEC Privacy Framework which features 2 out of 9 privacy principles: Security Safeguards and Accountability.  The framework was endorsed by 21 APEC economies to promote accountable and responsible transfers of personal information between the APEC economies.  

Funding Support:

Eligible organisations can consider applying to Enterprise Singapore (ESG) to seek support for some of the costs for APEC PRP certification and consultancy services. Details on the criteria and application process can be found below:

Interested organisations may refer to this Quick Guide on Enterprise Development Grant Application (225.83KB).  

Professional Consultancy Services:

Organisations can refer to the List of Consultancy Service Providers (under DPTM Requirements and Resources section) if they wish to engage professional consultancy services to prepare them for the APEC PRP certification.

Contact us

For questions, please refer to our FAQs.

For queries, please email Data_Protection_Certifications@imda.gov.sg or call 6377 3800.

Last updated on: 31 Mar 2023

Explore more