Discover more global business opportunities with Global PRP System
In 2022, the Global CBPR Forum was established to develop an international certification system which promotes interoperability between different regulatory approaches to data protection and privacy. The Global CBPR Framework (2023) explains what this means in principle and practice. Its nine guiding principles reference the OECD’s Guidelines on the Protection of Privacy and Trans-Border Flows of Personal Data, and it includes guidance to assist Global CBPR Forum Members (“Members”) in implementing the framework in domestic approaches to data protection and privacy, as well as forum-wide arrangements for interpreting its cross-border elements.
Global PRP certification
The Global PRP certification was designed to help personal information processors demonstrate their ability to provide effective implementation of a controller’s data protection and privacy requirements. It also provides assurance that processing is consistent with a controller’s applicable requirements for processing under the Global CBPR System.
To become Global PRP certified, organisations must implement data protection, privacy policies and practices which meet the Program Requirements for all data collected or received that is within the scope of its certification.
The intake questionnaire for organisations considering certification and detailed program requirements are available here:
Who can apply?
Interested organisations (i.e. data intermediaries) that process data on behalf of the data controllers and which are subject to the laws of Singapore can apply for Global PRP certification. To be eligible, they must either be (1) formed or recognised under the laws of Singapore, or (2) resident, or having an office or a place of business, in Singapore, and in any case, not a public agency (as defined in the Personal Data Protection Act 2012).
Certification is also subject to organisations’ acceptance of the terms of agreement (447.24KB) of the Global PRP scheme.
Apply for the Global PRP certification here.
Certification costs
An application fee of S$545 (inclusive of GST) is payable to IMDA. Organisations applying for multiple certifications (i.e. DPTM, APEC CBPR and PRP, Global CBPR and PRP) in a single application process need only to pay the application fee once.
The assessment fee, payable to the assessment body, ranges and depends on the size of the organisation (e.g. annual sales turnover, number of sites, etc) and the assessment body engaged. For a more accurate cost, approach any of the assessment bodies listed below for a quotation.
Assessment body
The assessment body acts as an independent body to assess that an organisation’s data protection practices conform to the Global PRP requirements. An organisation may select any of the following assessment bodies:
Assessment body | Contact person | Contact no | |
---|---|---|---|
BSI Group Singapore | Shi Wei Ng | 6270 0777 9229 5747 / 9008 8952 |
DPTM@bsigroup.com |
EPI Certification Pte Ltd | May Cheow | 8823 3347 |
Audit-support@epi-certification.com may@epi-certification.com |
Guardian Independent Certification Pte Ltd | Baljit Singh | 6742 3075 / 8268 4464 | baljit.singh@gicgrp.com |
ISOCert Pte Ltd | Saju S Pillai Jean Poh |
9105 4718 9475 5120 / 6659 0810 |
saju@isocert.com.sg DP-Certifications@isocert.com.sg |
Setsco Services Pte Ltd | Elean Kwek Cindy Mae Dela Cruz |
6895 0669 9428 3210 9451 4718 |
eleankwek@setsco.com cindyvillafane@setsco.com maedcruz@setsco.com |
SOCOTEC Certification Singapore Pte Ltd | Chris Lim (Ms) | 6299 9001 / 6499 4707 | chris@socotec.com certints@singnet.com.sg |
TUV SUD PSB Pte Ltd | Nicole Tang Shyan Mariejorn Avila (MJ) |
8822 3172 9889 3163 |
Nicole.tang@tuvsud.com mariejorn.avila@tuvsud.com |
Resources
To learn more, explore the following resources:
Contact us
For questions, please refer to our FAQs or contact us at Data_Protection_Certifications@imda.gov.sg or 6377 3800.