Canada: Published GCBPR and GPRP System Program Requirements and Intake Questionnaire

On 30 April 2024, the Global Cross-Border Privacy Rules (GCBPR) Forum published a document that specifies the certification requirements, which GCBPR-recognised accountability agents will use to assess companies seeking certification for the global privacy recognition for processors (GPRP) system. Accountability agents are responsible for receiving an applicant organisation's completed intake questionnaire and verifying an applicant organisation's compliance with the requirements of the GPRP System. The questions include but are not limited to whether the applicant organisation implemented an information security policy that covers personal information processed on behalf of a controller, whether the applicant organisation implemented measures to detect, and whether the applicant organisation implemented processes to notify the controller of a privacy security breach.