SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image

Cloudflare first to gain global certification for cross-border privacy

Wed, 4th Jun 2025

Cloudflare has received certification under two newly established international privacy standards designed to create uniformity in cross-border data protection.

The company announced it is among the first organisations to be certified under the Global Cross-Border Privacy Rules (Global CBPR) and the Global Privacy Recognition for Processors (Global PRP) systems.

These certifications were initiated by a forum of nine governments, including Australia, Canada, Japan, Mexico, the Republic of Korea, the Philippines, Singapore, Chinese Taipei, and the United States, with additional associate members from the United Kingdom, Bermuda, Mauritius, and the Dubai International Financial Centre.

The Global CBPR and Global PRP certifications allow organisations to voluntarily demonstrate adherence to data protection and privacy standards when transferring personal data across national borders. The certifications provide a framework for organisations to show that they have appropriate controls in place related to customer data.

Matthew Prince, Co-Founder and Chief Executive Officer at Cloudflare, said: "Running a global business is getting more and more complex."

"Global standards like the CBPR and PRP are important because they can establish clear, consistent guidelines around data privacy, and make it easier for organisations to scale and do business across borders. Cloudflare has a long history of putting privacy first – helping build new industry protocols, building it into our products by default, and now we're one of the first organisations to achieve these new global certifications."

The two certifications are aimed at bridging differences among various data protection laws globally and enabling companies to demonstrate compliance with an internationally recognised set of standards. Both the Global CBPR and Global PRP systems set out 50 requirements covering how personal data is collected, managed, and safeguarded.

These are based on nine guiding principles: preventing harm, notice, collection limitation, uses of personal information, choice, integrity of personal information, security safeguards, access and correction, and accountability.

Cloudflare's certifications come as countries implement increasingly fragmented privacy regulations. The goal of these new standards is to facilitate a harmonised approach to cross-border data management, benefiting consumers and businesses that operate internationally.

In addition to these new certifications, Cloudflare is already certified under ISO 27701 and ISO 27018, both of which provide guidelines for how organisations manage personally identifiable information in cloud environments.

The company is also verified as compliant with the EU Cloud Code of Conduct, an agreement acknowledged by regulators in all 30 European Economic Area countries.

The Global CBPR and Global PRP certifications are intended to support the safe, secure, and transparent transfer of personal data across international boundaries. Organisations that achieve these certifications can provide assurances to their customers and stakeholders that robust privacy practices are in place.

The nine governments that developed these standards intended to support a consistent approach to data privacy. Associate members such as the United Kingdom and others support the adoption and credibility of these certifications on a wider scale. The Global CBPR and Global PRP certifications present a practical response to increasing challenges posed by evolving regulatory requirements around the globe.

Cloudflare indicated that its own motivations for participating in the certifications process reflect both industry developments and customer expectations concerning data privacy in a cloud environment.

By aligning with international standards, the company signals its intention to facilitate trusted digital interactions and compliance for its global client base.

The new certifications are based on a system of rigorous requirements and principles, which set out the expectations of organisations regarding notification, control, use, security, and accountability in the handling of personal data. The CBPR Associate Members and the nine governments involved continue to promote adoption of these standards among global enterprises operating across jurisdictions.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X