Canada: Published Global GCBPR and GPRP Systems Policies, Rules, and Guidelines

On 30 April 2024, the Global Cross-Border Privacy Rules (GCBPR) Forum published a document outlining the GCBPR and Global Privacy Recognition for Processors (GPRP) Systems, their core elements, governance structure and the roles and responsibilities of participating organisations, accountability agents, privacy enforcement authorities (PEAs), and GCBPR Forum Members. The GCBPR and GPRP Systems established a structured process to ensure that organisations meet specific data protection and privacy standards. This includes the adoption of data protection and privacy policies that align with the GCBPR System program requirements for all personal information within their certification scope. Likewise, participants in the GPRP system must adopt policies consistent with the GPRP System program requirements, especially concerning personal information processed on behalf of controllers. The certification process starts with a self-assessment using intake questionnaires, followed by a confidential compliance review by an accountability agent. Once verified, the organisation's certification details are published on the GCBPR Forum's website to enhance transparency.