APEC Privacy

Certification Programs

The APEC Cross-Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) systems are internationally recognized data privacy certifications available to U.S. organizations and their global subsidiaries. As an approved Accountability Agent, BBB National Programs works one-on-one with your business to demonstrate compliance with established data privacy standards. Both certifications (CBPR for data controllers and PRP for data processors or vendors) are backed by BBB National Programs’ commitment to delivering independent accountability for your privacy promises.

Start your Data Privacy Certification Now

Get Certified

Program Impact

Through the APEC systems, certified businesses commit to an achievable compliance mechanism backed by their Accountability Agent and participating governments, ensuring that enhanced privacy protections apply to personal information, even when it moves across borders.

Consistent Protections

APEC certifications help participants implement strong baseline protections in support of a global approach to privacy program management.

Consumer Empowerment

Certified companies provide consumers with the opportunity to access and correct their personal data, no matter where they live.

Complaint Resolution

Privacy commitments are backed by transparent dispute resolution procedures endorsed by the 21 APEC member economies, trusted by consumers and businesses.

"APEC CBPR and PRP are important certifications that enable businesses of all sizes to demonstrate their commitment to safe and accountable personal data handling no matter where in the world the processing is taking place."

-Harvey Jang, Vice President and Chief Privacy Officer for Cisco Systems, Inc.

The Privacy Certifications

BBB National Programs offers different APEC Certifications, depending on the role your business plays with respect to the personal data covered under the certification.

Cross-Border Privacy Rules (CBPR) Certification

Businesses that collect personal data choose certification in the APEC Cross-Border Privacy Rules system to demonstrate compliance with APEC standards relating to their data privacy practices. Apply Now

Privacy Recognition for Processors (PRP) Certification

U.S. vendors* that process personal data choose certification in the APEC Privacy Recognition for Processors system to demonstrate compliance with APEC standards relating to their data privacy practices. Apply Now

*If you are a vendor headquartered outside the U.S., see our separate Vendor Privacy Program.

Requirements & Procedures

Businesses with a BBB National Programs APEC Certification make a public commitment that their data protection policies and practices will meet the privacy standards specified in the Program Requirements. Participating governments established these standards with input and assistance from industry and civil society.

Application to Serve as Accountability Agent

View Application

Joint Oversight Panel Recommendation Report

View Approval

CBPR Program Requirements

Learn More

PRP Program Requirements

Learn More

Dispute Resolution Procedures

Read the Rules

What Sets BBB National Programs Certifications Apart?

Service & Engagement

From onboarding through the certification lifecycle, BBB National Programs provides one-on-one support for businesses of all sizes. We are always at the ready to assist you, whether navigating your initial certification, advising on best practices, or keeping you up to date on the latest benefits and legal recognitions that your certifications may bring you. Global Privacy Division Services

Compliance & Monitoring

As your APEC-Approved Accountability Agent, BBB National Programs provides hands-on compliance assistance during certification and annual re-certification. We help your business align its privacy policies and practices with the substantive requirements of the CBPR and PRP Frameworks and we support your team in meeting ongoing administrative requirements. APEC Certifications

Trusted Dispute Resolution

Our transparent dispute resolution procedures are trusted by consumers and businesses because they facilitate speedy, seamless, and fair resolution of privacy concerns. Complaint Handling Process

How to Apply for APEC Privacy Certifications

CBPR Program

STEP 1: Confirm your company is eligible

Seeking certification for personal data you collect and process for your own purposes (as a data controller)
Headquartered in the U.S.
Subject to the jurisdiction of the Federal Trade Commission

STEP 2: Submit the application form to BBB National Programs.

STEP 3: Review and refine relevant data privacy policies and practices with a BBB National Programs certification specialist to confirm that they meet CBPR Program Requirements

STEP 4: Receive your company’s customized findings report along with access to the BBB National Programs CBPR certification seal

Apply for CBPR

Get Started

PRP Program

STEP 1: Confirm your company is eligible

Seeking certification for personal data you process on behalf of others (as a data processor or vendor)
Headquartered in the U.S.
Subject to the jurisdiction of the Federal Trade Commission

STEP 2: Submit the application form to BBB National Programs.

STEP 3: Review and refine relevant data privacy policies and practices with a BBB National Programs certification specialist to confirm that they meet PRP Program Requirements

STEP 4: Receive your company’s customized findings report along with access to the BBB National Programs PRP certification seal

Apply for PRP

Get Started