KISA CBPR

Korea implemented the APEC CBPR(Cross-Border Privacy Rules) system in 2022 and currently operates both the APEC CBPR and the Global CBPR Forum system.

The Personal Information Protection Commission(PIPC) is the privacy enforcement authority overseeing the operation of the CBPR system while the Korea Internet & Security Agency(KISA) serves as the Accountablity Agent responsible for conducting CBPR certification assessments.

※ Cover sheet(URL, TBC)

In Korea, CBPR certification aseessments are conducted for data controllers who hold data processing ownership across the entire scope of the certification assessment they apply for. Public institutions are excluded.

CBPR certification fees are temporarily exempted until 2025, with plans to impose fees thereafter.

Although CBPR certificatin is not currently recognized under Korea’s Personal Information Protection Act as a data protection certification or a legal mechanism for cross-border data transfers, domestic companies show strong interest in CBPR as a means to demonstrate reliability in personal data processing for global business.

Should any of the CBPR-certified organizations listed the directory be found to be non-compliant with the 50 CBPR program requriements, Please report the matter to the following contact point : cbpr@kisa.or.kr, contactpipc@korea.kr