The Global CBPR System
Published: Jun 2, 2025
Chris Lippert, Director of the Privacy Practice at Schellman, details the exciting news of the APEC Cross Border Privacy Rules (CBPR) system officially going global.
For those unfamiliar with the CBPR system, it’s a framework that enables organizations—whether acting as data controllers or processors—to demonstrate robust data protection policies and practices when transferring data across borders. Previously, participation in the system and the corresponding certifications was limited to participating APEC member economies. However, with this latest expansion, the program has evolved into the Global CBPR System, opening the door to countries and jurisdictions around the world for companies engaged in international operations.
For organizations already certified under the existing CBPR or its counterpart, the Privacy Recognition for Processors (PRP), the minimum certification standards remain unchanged, and all currently certified entities are automatically grandfathered into the new global framework.
As one of the accountability agents for the system in the US, Schellman is ready to help answer any questions you may have regarding the updated structure or requirements of the Global CBPR System. Whether you're looking to get certified or have questions about maintaining compliance, contact us today and we’ll get back to you shortly.
About Chris Lippert
Chris Lippert is a Director and Privacy Technical Lead with Schellman and is based in Atlanta, GA. With more than 10 years of experience in information assurance across numerous industries, regulations, and frameworks, Chris developed a passion for and concentration in data privacy. He is an active member of the International Association of Privacy Professionals (IAPP), holds his Fellow of Information Privacy (FIP) designation, and advocates for privacy by design and the adequate protection of personal data in today’s business world.