Cloudflare earns new landmark global privacy certifications
Cloudflare, Inc., announced it is among the inaugural group of organizations officially certified under two new global privacy standards: the Global Cross-Border Privacy Rules (Global CBPR) and the Global Privacy Recognition for Processors (Global PRP) systems. These new certifications, launched by a forum of nine governments, allow organizations to demonstrate their commitment to data protection and privacy standards when moving personal data across borders.
“Running a global business is getting more and more complex,” said Matthew Prince, co-founder and CEO at Cloudflare. “Global standards like the CBPR and PRP are important because they can establish clear, consistent guidelines around data privacy and make it easier for organizations to scale and do business across borders."
The Global CBPR and Global PRP certifications were established by nine governments in the following locations: Australia, Canada, Japan, Mexico, the Republic of Korea, the Philippines, Singapore, Chinese Taipei, and the United States. The United Kingdom, Bermuda, Mauritius, and the Dubai International Financial Centre (DIFC) are CBPR Associate Members.
These two new certifications help to bridge varying data protection laws from around the world and allow companies to demonstrate their compliance to an internationally recognized standard. The Global CBPR and Global PRP are a set of data protection and privacy standards to support the safe and secure movement of personal data across borders and build trust with consumers and businesses alike.
The certifications cover 50 requirements on how organizations should collect, manage, and safeguard personal information in their custody, based on nine guiding principles, including:
-
Preventing Harm
-
Notice
-
Collection Limitation
-
Uses of Personal Information
-
Choice
-
Integrity of Personal Information
-
Security Safeguards
-
Access and Correction
-
Accountability
Cloudflare is also currently certified under ISO 27701 and ISO 27018, which establish guidelines for how organizations process personally identifiable information (PII) in public cloud environments, as well as being verified compliant with the EU Cloud Code of Conduct. The EU Cloud Code of Conduct is recognized under the GDPR in the 30 EEA countries (Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden).
To learn more, please visit the resources below:
-
Global CBPR and Global PRP certifications: https://www.globalcbpr.org/privacy-certifications/