Discover more global business opportunities with APEC PRP Certification
The APEC Privacy Recognition for Processors (PRP) System was designed for organisations (data processors) who process data on behalf of client organisations (data controllers), to demonstrate their ability in providing effective implementation of a controller’s privacy requirements. The PRP certification is based on 2 of the 9 principles of APEC Privacy Framework: Security Safeguards and Accountability.
APEC PRP certification
The PRP certification is based on the APEC Privacy Framework which features 2 out of 9 privacy principles: Security Safeguards and Accountability. The framework was endorsed by 21 APEC economies to promote accountable and responsible transfers of personal information between the APEC economies.
To become APEC PRP certified, organisations must implement data protection, privacy policies and practices which meet the Program Requirements for all data collected or received that is within the scope of its certification.
The intake questionnaire for organisations considering certification and detailed program requirements is available here:
Singapore recognises the APEC CBPR and PRP certifications for overseas transfers of personal data under the PDPA. This means that organisations in Singapore can easily transfer personal data to overseas certified recipients without meeting additional requirements. This recognition underscores Singapore's commitment to data privacy regulations and demonstrates its efforts to maintain the highest standards of data protection in the region.
Who can apply?
To be eligible, your organisation must be subject to the laws of Singapore.
Interested organisations (also known as data intermediaries) who process data on behalf of the data controllers can apply for APEC PRP. They should be either (1) formed or recognised under the laws of Singapore, or (2) resident, or having an office or a place of business, in Singapore, and in any case, not a public agency (as defined in the Personal Data Protection Act 2012). Certification is also subject to organisations’ acceptance of the terms of agreement (448.16KB) of the APEC PRP scheme.
Getting certified
Organisations seeking certification are to complete the PRP self-assessment form and then submit the form to any of the following IMDA appointed assessment bodies listed below.
The assessment body* acts as an independent body to assess that an organisation’s data protection practices conform to the APEC PRP requirements.
| Assessment body | Contact person | Contact no | |
|---|---|---|---|
| BSI Group Singapore | Shi Wei Ng |
6270 0777 9229 5747 / 9008 8952 |
DPTM@bsigroup.com |
| EPI Certification Pte Ltd | May Cheow | 8823 3347 |
Audit-support@epi-certification.com may@epi-certification.com |
| Guardian Independent Certification Pte Ltd | Baljit Singh | 6742 3075 / 8268 4464 | baljit.singh@gicgrp.com |
| ISOCert Pte Ltd |
Saju S Pillai Jean Poh |
9105 4718 9475 5120 / 6659 0810 |
|
| Setsco Services Pte Ltd |
Elean Kwek Cindy Mae Dela Cruz |
6895 0669 9428 3210 9451 4718 |
|
| SOCOTEC Certification Singapore Pte Ltd |
Chris Lim (Ms) |
6299 9001/ 6499 4707 |
|
| TUV SUD PSB Pte Ltd |
Nicole Tang Shyan Mariejorn Avila (MJ) |
8822 3172 9889 3163 |
The assessment fee, payable to the assessment body, ranges and depends on the size of the organisation (e.g. annual sales turnover, no. of sites, etc) and the assessment body engaged. For a more accurate cost, approach any of the assessment bodies listed above for a quotation.
*For more information on how to be an Assessment Body, please refer to our information kit (337.90KB).
Resources
To learn more:
- The directory of APEC PRP-certified organisations
- Global / APEC PRP Information Kit (325.07KB)
- IMDA’s Accountability Agent Participation Documents
- Other IMDA Data Protection Certifications:
- Data Protection Trustmark
- APEC Cross-Border Privacy Rules System
- Global Cross-Border Privacy Rules System
- Global Privacy Recognition for Processors System
Funding support:
Eligible organisations can consider applying to Enterprise Singapore (ESG) to seek support for some of the costs for APEC PRP certification and consultancy services. Details on the criteria and application process can be found below:
Interested organisations may refer to this Quick Guide on Enterprise Development Grant Application (256.46KB).
Professional consultancy services:
Organisations can refer to the List of Consultancy Service Providers (under DPTM Requirements and Resources section) if they wish to engage professional consultancy services to prepare them for the APEC PRP certification.
Contact us
For questions, please refer to our FAQs or contact us at Data_Protection_Certifications@imda.gov.sg or 6377 3800.
.webp)