© 2023 TrustArc Inc. Proprietary and Confidential Information.
CBPR - Navigating Cross-Border Data Privacy Compliance
Speakers
Joanne B. Furtsch
Director, Privacy Intelligence Development,
TrustArc
Maciej Piszcz
Manager, Quality Assurance,
TrustArc
Agenda
○ Understanding the CBPR System
○ Key Components of the CBPR System
○ Comparing GDPR and CBPR System
○ How the CBPR System Works
○ The Global CBPR Forum
○ Q & A
Poll Time!
Are you familiar with the Cross-Border Privacy Rules (CBPR) System and its implications for global data privacy cooperation?
Understanding the CBPR System
● Comprehensive Principles-Based Approach:
○ CBPR is built upon a comprehensive set of privacy principles, making it a robust framework for cross-border data transfers
○ These principles cover various aspects of data protection and security
● Accountability Agent:
○ Through the CBPR System, the Accountability Agent works with companies to ensure that the privacy practices of participating companies meet the program requirements of PRP and/or CBPR
○ Certification by a third party adds credibility and ensures impartial evaluation
● Implementing appropriate data protection
● Importance of free data flows and trade
● Encouraging accountability
● Promoting interoperability
Key Components of the CBPR System
● CBPR (Cross-Border Privacy Rules): CBPR is designed for data controllers (organizations that determine the purposes and means of processing personal data) to demonstrate their compliance with CBPR program requirements.
● PRP (Privacy Recognition for Processors): A key component of the CBPR System, PRP is designed for processors (organizations that process data on behalf of data controllers, corporate clients). It establishes a framework for assessing and certifying processor privacy practices and security safeguards.
● CBPR as a Data Transfer Mechanism: Companies can leverage CBPR certification to streamline data flows across jurisdictions while adhering to established privacy principles based on the globally recognized OECD Guidelines (Japan, Singapore, DIFC, Bermuda, USMCA).
● Enhancing Privacy Against Globally Recognized Principles: The CBPR System enables companies to demonstrate compliance with globally recognized privacy principles.
● Recognition from the State of Tennessee: As a mechanism to demonstrate that a privacy program is in place
Comparing GDPR and CBPR System
| # | CBPR Principles (GDPR vs. CBPR) | GDPR | CBPR |
|---|---|---|---|
| 1 | Access, Correction | Data Subject Rights | Access, Correction, Deletion |
| 2 | Collection Limitation | Specified, explicit, legitimate purposes | Collection limited to specific purposes |
| 3 | Use of Personal Information | Data minimization | Use limited to fulfilling the specified purposes of collection |
| 4 | Choice | Consent - freely given, specific, informed and unambiguous indication of the data subject’s wishes (if applicable) | Express consent for non-compatible purposes. |
How the CBPR System Works
● Building Privacy Programs with CBPR based on globally recognized framework
● Third-Party Accountability Agent
● Certification against CBPR Framework
● Strong Case for Processors
● PRP Example
The Global CBPR Forum
● Introduction to the Global CBPR Forum: The Global CBPR Forum seeks to support the free flow of data by providing an interoperable mechanism for effective data protection and privacy globally.
● Operationalizing Global CBPR Privacy Principles: The Forum will establish an international certification system based on the APEC CBPR and PRP systems.
● Seamless Transition to the Global CBPR System: The Global CBPR Forum emphasizes a seamless transition approach.
Q&A
Thank You!
See http://www.trustarc.com/insightseries for the 2023 Privacy Insight Series and past webinar recordings.
If you would like to learn more about how TrustArc can support you with privacy and data security compliance, please reach out to sales@trustarc.com for a free demo.
