TrustArc, the pioneering privacy certification provider, welcomes the updated Global Cross-Border Privacy Rules (CBPR) Program Requirements (PR) released by the Global Forum Assembly (GFA). Through its TRUSTe certification offerings, TrustArc enables organizations to participate in this government-backed international data transfer tool. These updates expand and strengthen the certification framework, increasing the number of PRs from 50 to 57 and updating three existing PRs, available on the Global CBPR Forum website.
The updated System PRs outline enhanced measures organizations must implement to prevent harm, strengthen individual choice, and increase organizational accountability. These updates reflect the continued evolution of the Global CBPR System as a trusted privacy framework enabling data protection and cross-border data transfers across participating Member jurisdictions. These include its Members: Australia, Canada, Chinese Taipei, Japan, Mexico, the Philippines, the Republic of Korea (South Korea), Singapore, the United States, and the Dubai International Financial Centre (DIFC). Its Associate Members include: Bermuda, Nigeria, Mauritius, and the United Kingdom.
Marketing Technology News: MarTech Interview with Haley Trost, Group Product Marketing Manager @ Braze
Key updates to the Program Requirements include:
Preventing Harm: New requirements include introducing stronger protections for the processing of sensitive data and children’s data, risk assessments and mitigation procedures, and breach notification obligations for impacted individuals.
Choice: Organizations must provide individuals with clearer options regarding direct marketing communications, document individuals’ preferences, and implement mechanisms that allow individuals to withdraw consent for the processing of their personal data.
Accountability: The updates require organizations to maintain records of processing activities and emphasize that individuals responsible for privacy and data protection programs must possess appropriate expertise and qualifications.
Marketing Technology News: From Data to Impact: How AI is Transforming Interactive CTV Ads
“After its launch in 2025, the Global CBPR System is now evolving to meet the demands of an increasingly challenging and complex global data ecosystem,” said Noël Luke, Chief Assurance Officer at TrustArc. “The updates strengthen harm prevention, choice, and accountability for individuals while providing participating organizations a reliable and efficient framework to transfer data responsibly across borders. We at TrustArc are committed to helping our customers understand and adopt the new and updated Program Requirements and facilitating entry into the program for any new Participants.”
TrustArc has been a government-approved Accountability Agent in the APEC system since 2013 and under the Global system since its launch in 2025. With nearly 30 years of experience certifying privacy programs under global frameworks, TrustArc helps companies demonstrate compliance with domestic and international privacy standards, manage disputes with third parties, and build trust with regulators, vendors, partners, and consumers.
Write in to psen@itechseries.com to learn more about our exclusive editorial packages and programs.