Plug into more global business opportunities. These certifications facilitate how your business can seamlessly exchange personal data across APEC member economies while respecting privacy and security.
The APEC Privacy Recognition for Processors (PRP) System was designed for organisations (data processors) who process data on behalf of client organisations (data controllers), to demonstrate their ability in providing effective implementation of a controller’s privacy requirements. The PRP certification is based on 2 of the 9 principles of APEC Privacy Framework: Security Safeguards and Accountability.
To learn more:
Who can apply?
To be eligible, your organisation must be subject to the laws of Singapore.
Interested organisations (also known as data intermediaries) who process data on behalf of the data controllers can apply for APEC PRP. They should be either (1) formed or recognised under the laws of Singapore, or (2) resident, or having an office or a place of business, in Singapore, and in any case, not a public agency (as defined in the Personal Data Protection Act 2012).
Upon submission of the application, the Applicant Organisation is bound by the Terms of Agreement (758.72KB) of the APEC PRP.
To apply, click here.
Application fee* of $535 (inclusive of GST) is payable to IMDA. Assessment fee, ranges between $1,000 to $8,000 per entity, depending on the size of the organisation and the scope of the assessment required, plus prevailing GST, is payable to the Assessment Body.
To encourage organisations to take up more than one certification (i.e. DPTM, CBPR and PRP), one application fee of $535 (inclusive of GST) is payable to IMDA when organisations apply for multiple certifications in a single application process.
*Application fee is waived for SMEs till 30 Jun 2020.
The Assessment Body (AB) acts as an independent body to assess that an organisation’s data protection practices conform to the APEC CBPR requirements. An organisation may select any of the following three ABs:
PRP Certification Requirements and Support Details
The PRP certification is based on the APEC Privacy Framework which features 2 out of 9 privacy principles: Security Safeguards and Accountability. The framework was endorsed by 21 APEC economies to promote accountable and responsible transfers of personal information between the APEC economies.
Eligible organisations can consider applying to Enterprise Singapore (ESG) to seek support for some of the costs for APEC PRP certification and consultancy services. Details on the criteria and application process can be found below:
Professional Consultancy Services:
Organisations can refer to the List of Data Protection Service Providers if they wish to engage professional consultancy services to prepare them for the APEC PRP certification.