Discover more global business opportunities with Global CBPR Certification
In 2022 the Global CBPR Forum was established to develop an international certification system which promotes interoperability between different regulatory approaches to data protection and privacy. The Global CBPR Framework (2023) explains what this means in principle and practice. Its nine guiding principles reference the OECD’s Guidelines on the Protection of Privacy and Trans-Border Flows of Personal Data, and it includes guidance to assist Global CBPR Forum Members (“Members”) in implementing the framework in domestic approaches to data protection and privacy, as well as forum-wide arrangements for interpreting its cross-border elements.
Global CBPR certification
Global CBPR certification provides a simple and transparent way for organisations to demonstrate their commitment to data protection by showcasing their compliance with internationally-recognized data protection standards. It applies to organisations who are data controllers managing the collection, holding, processing and/or use of personal data.
To become Global CBPR certified, organisations must implement data protection, privacy policies and practices which meet the Program Requirements for all data collected or received that is within the scope of its certification.
The intake questionnaire for organisations considering certification and detailed program requirements are available here:
Who can apply?
Data controllers which are subject to the laws of Singapore can apply for Global CBPR certification. To be eligible, they must either be (1) formed or recognised under the laws of Singapore, or (2) resident, or having an office or a place of business, in Singapore, and in any case, not a public agency (as defined in the Personal Data Protection Act 2012). Certification is also subject to organisations’ acceptance of the terms of agreement (447.24KB) of the Global CBPR scheme.
Apply for the Global CBPR certification here.
Certification costs
An application fee* of S$545 (inclusive of GST) is payable to IMDA. Organisations applying for multiple certifications (i.e. DPTM, APEC CBPR and PRP, Global CBPR and PRP) in a single application need only pay the application fee once.
The assessment fee, payable to the assessment body, ranges and depends on the size of the organisation (e.g. annual sales turnover, no. of sites, etc) and the assessment body engaged. For a more accurate cost, approach any of the assessment bodies listed below for a quotation.
Assessment body
The assessment body acts as an independent body to assess that an organisation’s data protection practices conform to the Global CBPR requirements. An organisation may select any of the following assessment bodies:
Assessment body | Contact person | Contact no | |
---|---|---|---|
BSI Group Singapore | Shi Wei Ng | 6270 0777 9229 5747 / 9008 8952 |
DPTM@bsigroup.com |
EPI Certification Pte Ltd | May Cheow | 8823 3347 | Audit-support@epi-certification.com |
Guardian Independent Certification Pte Ltd | Baljit Singh | 6742 3075 / 8268 4464 | baljit.singh@gicgrp.com |
ISOCert Pte Ltd | Saju S Pillai Jean Poh |
9105 4718 9475 5120 / 6659 0810 |
saju@isocert.com.sg DP-Certifications@isocert.com.sg |
Setsco Services Pte Ltd | Elean Kwek Cindy Mae Dela Cruz |
6895 0669 9428 3210 9451 4718 |
eleankwek@setsco.com cindyvillafane@setsco.com maedcruz@setsco.com |
SOCOTEC Certification Singapore Pte Ltd | Chris Lim (Ms) | 6299 9001 / 6499 4707 | chris@socotec.com certints@singnet.com.sg |
TUV SUD PSB Pte Ltd | Nicole Tang Shyan Mariejorn Avila (MJ) |
8822 3172 9889 3163 |
Nicole.tang@tuvsud.com mariejorn.avila@tuvsud.com |
Resources
To learn more, explore the following resources:
- The directory of Global CBPR-certified organisations
- IMDA’s Accountability Agent Participation Documents
- Other IMDA Data Protection Certifications:
Contact us
For questions, please refer to our FAQs or contact us at Data_Protection_Certifications@imda.gov.sg or 6377 3800.