Global Cross Border Privacy Rules (Global CBPR) Certification

In 2022 the Global CBPR Forum was established to develop an international certification system which promotes interoperability between different regulatory approaches to data protection and privacy. The Global CBPR Framework (2023) explains what this means in principle and practice. Its nine guiding principles reference the OECD’s Guidelines on the Protection of Privacy and Trans-Border Flows of Personal Data, and it includes guidance to assist Global CBPR Forum Members (“Members”) in implementing the framework in domestic approaches to data protection and privacy, as well as forum-wide arrangements for interpreting its cross-border elements.

Global CBPR certification provides a simple and transparent way for organisations to demonstrate their commitment to data protection by showcasing their compliance with internationally-recognized data protection standards. It applies to organisations who are data controllers managing the collection, holding, processing and/or use of personal data.

To become Global CBPR certified, organisations must implement data protection, privacy policies and practices which meet the Program Requirements for all data collected or received that is within the scope of its certification.

The intake questionnaire for organisations considering certification and detailed program requirements are available here:

• Global CBPR Intake Questionnaire
• Global CBPR Program Requirements

Data controllers which are subject to the laws of Singapore can apply for Global CBPR certification. To be eligible, they must either be (1) formed or recognised under the laws of Singapore, or (2) resident, or having an office or a place of business, in Singapore, and in any case, not a public agency (as defined in the Personal Data Protection Act 2012). Certification is also subject to organisations’ acceptance of the terms of agreement (447.24KB) of the Global CBPR scheme.

Apply for the Global CBPR certification here.

An application fee* of S$545 (inclusive of GST) is payable to IMDA. Organisations applying for multiple certifications (i.e. DPTM, APEC CBPR and PRP, Global CBPR and PRP) in a single application need only pay the application fee once.

The assessment fee, payable to the assessment body, ranges and depends on the size of the organisation (e.g. annual sales turnover, no. of sites, etc) and the assessment body engaged. For a more accurate cost, approach any of the assessment bodies listed below for a quotation.

The assessment body acts as an independent body to assess that an organisation’s data protection practices conform to the Global CBPR requirements. An organisation may select any of the following assessment bodies:

To learn more, explore the following resources:

• The directory of Global CBPR-certified organisations
• IMDA’s Accountability Agent Participation Documents
• Other IMDA Data Protection Certifications:
• Data Protection Trustmark
• APEC Cross-Border Privacy Rules System
• APEC Privacy Recognition for Processors System
• Global Privacy Recognition for Processors System

For questions, please refer to our FAQs or contact us at Data_Protection_Certifications@imda.gov.sg or 6377 3800.