Hewlett-Packard (HP) has become the first company to get approval under both the EU Binding Corporate Rules (BCRs) and Asia-Pacific Economic Cooperation's (APEC) Cross-Border Privacy Rules (CBPRs) systems. Seemingly, HP began this process as far back as 2003 when they began discussions with EU data protection authorities about these possibilities.
Dual certification was first introduced and agreed between the two regions in March 2014 at the IAPP Global Privacy Summit when the Article 29 Working Party (WP29) and APEC published a Referential showing the commonalities and variances between the two frameworks. The Referential provides a practical checklist of the elements necessary to get BCR authorisation from EU data protection authorities (DPA), and CBPRs certification from APEC's recognized Accountability Agents. The Referential "facilitates the design and adoption of personal data protection policies compliant with each of the systems". This is seen as a considerable step towards greater inter-operability in the transfer of data internationally.
Following HP's certification, Daniel Pradelles, HP's Privacy Officer for Europe, the Middle East and Africa, said “It’s really part of the long-term vision,”… "the BCR is really the glue, putting together all the different modules necessary for a company".
It will be interesting to see how many other companies will follow HP's lead in seeking such approval under both systems.