New certifications reinforce Cloudflare’s commitment to privacy – demonstrating adherence to data protection standards in 39 jurisdictions around the world
Cloudflare, Inc. (NYSE: NET), the leading connectivity cloud company, today announced it is among the inaugural group of organizations officially certified under two new global privacy standards, the Global Cross-Border Privacy Rules (Global CBPR) and the Global Privacy Recognition for Processors (Global PRP) systems. These brand new certifications, launched by a forum of nine governments, allow organizations like Cloudflare to voluntarily demonstrate their commitment to data protection and privacy standards when moving personal data across borders. With these new certifications, organizations can trust that Cloudflare has audited controls and protections in place around customer data.
“Running a global business is getting more and more complex,” said Matthew Prince, co-founder and CEO at Cloudflare. “Global standards like the CBPR and PRP are important because they can establish clear, consistent guidelines around data privacy, and make it easier for organizations to scale and do business across borders. Cloudflare has a long history of putting privacy first – helping build new industry protocols, building it into our products by default, and now we’re one of the first organizations to achieve these new global certifications.”
The Global CBPR and Global PRP certifications were established by nine governments in the following locations: Australia, Canada, Japan, Mexico, the Republic of Korea, the Philippines, Singapore, Chinese Taipei, and the United States. The United Kingdom, Bermuda, Mauritius, and the Dubai International Financial Centre (DIFC) are CBPR Associate Members.
These two new certifications help to bridge varying data protection laws from around the world, and allow companies to demonstrate their compliance to an internationally-recognized standard. The Global CBPR and Global PRP are a set of data protection and privacy standards to support the safe and secure movement of personal data across borders and build trust with consumers and businesses alike. The certifications cover 50 requirements on how organizations should collect, manage, and safeguard personal information in their custody, based on nine guiding principles, including:
- Preventing Harm
- Notice
- Collection Limitation
- Uses of Personal Information
- Choice
- Integrity of Personal Information
- Security Safeguards
- Access and Correction
- Accountability
Cloudflare is also currently certified under ISO 27701 and ISO 27018, which establish guidelines for how organizations process personally identifiable information (PII) in public cloud environments; as well as being verified compliant to the EU Cloud Code of Conduct. The EU Cloud Code of Conduct is recognised under the GDPR in the 30 EEA countries (Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lichtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden).
To learn more, please visit the resources below:
- Global CBPR and Global PRP certifications: https://www.globalcbpr.org/privacy-certifications/
- Blog: Cloudflare meets new Global Cross-Border Privacy (CBPR) standards
- Cloudflare Trust Hub
About Cloudflare
Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company on a mission to help build a better Internet. It empowers organizations to make their employees, applications and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.
Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations – from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.
Learn more about Cloudflare’s connectivity cloud at cloudflare.com/connectivity-cloud. Learn more about the latest Internet trends and insights at https://radar.cloudflare.com.
Follow us: Blog | X | LinkedIn | Facebook | Instagram
Forward-Looking Statements
This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding Cloudflare’s compliance with global privacy certifications, including Global CBPR and Global PRP, the impact to Cloudflare and its customers if and when Cloudflare achieves privacy certifications, the benefits to customers from using Cloudflare’s products and technology, the expected functionality and performance of Cloudflare’s products and technology, Cloudflare’s global network, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s CEO and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in Cloudflare’s filings with the Securities and Exchange Commission (SEC), including Cloudflare’s Quarterly Report on Form 10-Q filed on May 8, 2025, as well as other filings that Cloudflare may make from time to time with the SEC.
The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in Cloudflare’s forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.
© 2025 Cloudflare, Inc. All rights reserved. Cloudflare, the Cloudflare logo, and other Cloudflare marks are trademarks and/or registered trademarks of Cloudflare, Inc. in the U.S. and other jurisdictions. All other marks and names referenced herein may be trademarks of their respective owners.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250603018882/en/
Contacts
Cloudflare, Inc.
Daniella Vallurupalli
Vice President, Head of Global Communications
press@cloudflare.com