While companies work to comply with the General Data Protection Regulation (GDPR), the European law that takes effect on May 25, it is important to remember that countries in other parts of the world also are adopting new approaches to information privacy protection. Companies that plan to do business in new markets should take note of these and understand that the steps they take to comply with the GDPR – particularly with respect to accountability – can lay the groundwork for compliance in other regions.

On March 6, 2018, Singapore’s Ministry of Communications and Information announced that Singapore has joined the APEC Cross-border Privacy Rules (CBPR). The APEC CBPR system is an enforceable data protection code of conduct developed for businesses that supports the cross-border transfer of data throughout the 21 countries – referred to by APEC as economies – in the region. The CBPR system implements nine principles set forth in the APEC Privacy Framework. As in the case of the GDPR, accountability is a key component of the APEC system.

Singapore is the sixth APEC economy to join the CBPR system. The U.S., Mexico, Canada, Japan and South Korea already participate. The decision to join will mean that once the CBPR are fully operationalized in Singapore, organizations based in Singapore will be able certify to the CBPR and rely on them as a cross-border data transfer mechanism.

Singapore’s adoption of CBPR highlights the increasingly prominent role accountability plays in data protection regimes. Other APEC economies actively working toward joining the CBPR system include Australia, Chinese Taipei and the Philippines.

The expanded adoption of accountability in APEC and elsewhere means that the work companies undertake to comply with the EU’s GDPR can yield dividends far beyond Europe. The steps to put programs and processes in place that encourage privacy and responsible data use are increasingly necessary for companies that wish to transfer data in the APEC region. APEC, like GDPR, holds processors responsible for data protection, no matter by whom or where it is protected. And regulators in both regions will look for documentation of the steps companies take to implement these requirements.

Preparing for GDPR compliance should be a focus of all small and medium sized companies. But it is important to remember that GDPR is part of a bigger compliance picture, and that there are global payoffs awaiting companies who make the effort.


Achieved Compliance – helping you navigate the complex world of data compliance.

Through its software guided review and remediation process, education tools and representation services, Achieved Compliance makes it possible for companies to take all the steps needed for meaningful compliance that meets regulators’ expectations.

For more information as to how we can help your organization be GDPR compliant please contact info@achievedcompliance.com.