Australia’s plan to participate in the APEC Cross Border Privacy Rules System signals growing importance of accountability-based data practices

Companies planning to expand their market into the Asia Pacific region should pay close attention to Australia’s recent announcement that it intends to participate in the APEC Cross-Border Privacy Rules (CBPR) system. It signals that accountability and effective data governance now form the basis for lawful data use and transfer across the globe and should serve as the backbone of all companies’ information governance practices.

The APEC CBPR system was developed by participating Asia Pacific Economic Cooperation countries (referred to in this context as “economies”) and designed to build consumer, business and regulator trust in the transfer of data. Participants in this process recognized early the importance of data to economic growth, particularly in emerging economies, and the critical role trust plays in maintaining the safe, unimpeded flow of that data. APEC includes 23 countries, and Australia would join the United States, Canada, Japan and Mexico as a formal participant in the CBPR system. More nations are expected to soon follow. This creates a legal infrastructure to support the protected movement of data across the region, bridging differences where privacy safeguards vary by country. Where there are no applicable domestic privacy protection requirements in a country, the APEC CBPR system is intended to provide a minimum level of protection.

At the core of the CBPR system, and the requirements of GDPR, is accountability. Both require that companies establish privacy policies to protect individuals and internal systems to make sure those policies are implemented and effective. They require companies to assess the risk their data collection and processing activities raise for individuals, and to mitigate those risks. They both operate on the premise that data controllers are responsible for the safe processing and storage of personal information, no matter where or by whom it is processed. Companies should take note of these developments in the APEC region. Around the globe, regulators (including those in the EU enforcing GDPR) will look for good data governance to support compliance and companies will look to organizations that have taken these steps when identifying vendors and business partners. Establishing privacy practices and data governance based on accountability is an essential step for all companies that collect, store and process data.

Achieved Compliance – helping you navigate the complex world of data compliance.

Through its software guided review and remediation process, education tools and representation services, Achieved Compliance makes it possible for companies to take all the steps needed for meaningful compliance that meets regulators’ expectations.

For more information as to how we can help your organization be GDPR compliant please contact