Celltrion announced on Thursday that it has simultaneously obtained the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system (APEC CBPR) and Global CBPR certifications, global personal data protection frameworks developed by the APEC. This marks the first time a South Korean biotech company has achieved these certifications.
The APEC CBPR is a global certification system designed to facilitate secure transfer and management of personal data among APEC member countries.
The Global CBPR, which Celltrion has also acquired, significantly expands the APEC CBPR framework. It establishes security standards more suitable for a global business environment, rather than being limited to specific regions. The Korea Internet & Security Agency (KISA) oversees the corporate assessment and certification issuance.
This certification is expected to serve as a fast-track option, streamlining or replacing the stringent personal data protection verification processes that countries or companies require during global technology transfers or joint research. Consequently, it should reduce administrative burdens and shorten negotiation periods.
In the biotech industry, personal data includes information about doctors, researchers, and other professionals participating in global clinical trials and joint research, as well as details about partner company representatives involved in transportation. As securing and managing this data is crucial for global business, enhanced security capabilities are seen as a key criterion for expanding global partnerships.
Notably, businesses operating in countries that recognize APEC CBPR certification as a means for transferring personal data abroad, such as Japan and Singapore, are expected to see significant reductions in local data review procedures.
Furthermore, the Global CBPR certification, obtained alongside the APEC CBPR, aims for a global universal data standard. This is expected to serve as a legal foundation for accelerating global business operations.
To achieve this certification, Celltrion successfully met evaluation criteria across 50 items. These included establishing a personal data protection system, managing the collection, use, and provision of personal data, ensuring data subjects’ rights, and implementing technical and managerial protective measures.
Through this process, Celltrion has gained international recognition for its robust and systematic personal data management capabilities.
The company aims to further strengthen its internationally trusted personal data management system, recognizing that data protection capabilities are increasingly viewed as a benchmark for corporate transparency and ethical standards in terms of the Environmental, Social, and Governance (ESG).
A Celltrion spokesperson stated that this certification is significant as it directly demonstrates the data trust capabilities in a complex global regulatory environment for personal data. It has laid the groundwork for removing legal barriers and expediting timelines in future global licensing agreements and joint research initiatives.
The spokesperson added that leveraging the established data governance, it will secure a competitive edge to swiftly execute the global business strategies.