Global CBPR tightens certification requirements to strengthen data protections

( March 24, 2026, 02:15 GMT | Official Statement) -- MLex Summary: The Global Cross-Border Privacy Rules system has updated its certification requirements to strengthen interoperability and privacy protections for cross-border data transfers, according to statements released Monday. Under the revised framework, companies will be required to implement measures reflecting the “prevent harm” principle, including enhanced accountability for processing sensitive and children’s data, as well as mandatory risk assessments and mitigation measures, and mandatory breach notification to affected individuals. As a result, the number of program requirements will increase from 50 to 57. The new requirements will apply from April 2027 to companies seeking new certification or recertification. The statements follow....

Prepare for tomorrow’s regulatory change, today

MLex identifies risk to business wherever it emerges, with specialist reporters across the globe providing exclusive news and deep-dive analysis on the proposals, probes, enforcement actions and rulings that matter to your organization and clients, now and in the longer term.

Know what others in the room don’t, with features including:

Daily newsletters for Antitrust, M&A, Trade, Data Privacy & Security, Technology, AI and more
Custom alerts on specific filters including geographies, industries, topics and companies to suit your practice needs
Predictive analysis from expert journalists across North America, the UK and Europe, Latin America and Asia-Pacific
Curated case files bringing together news, analysis and source documents in a single timeline

Experience MLex today with a 14-day free trial.

Start Free Trial

Already a subscriber? Click here to login

Global CBPR tightens certification requirements to strengthen data protections

Prepare for tomorrow’s regulatory change, today

Related Sections