Free tools and resources for Data Protection Officers!

Tag Archives for " BCR "

EDPB releases information note in the event of a “No-deal Brexit”

On February 12, 2019, the European Data Protection Board (“EDPB”) published two information notes to highlight the impact of a so-called “No-deal Brexit” on data transfers under the EU General Data Protection Regulation (“GDPR”), as well as the impact on organizations that have selected the UK Information Commissioner (“ICO”) as their “lead supervisory authority” for their “Binding Corporate Rules” (“BCRs”).

Source: EDPB releases information note in the event of a “No-deal Brexit”

Argentina DPA Issues Guidelines on Binding Corporate Rules

The Agency of Access to Public Information ( Agencia de Acceso a la Información Pública ) (“AAIP”) has approved a set of guidelines for binding corporate rules (“BCRs”), a mechanism that multinational companies may use in cross-border data transfers to affiliates in countries with inadequate data protection regimes under the AAIP.

Full article: Argentina DPA Issues Guidelines on Binding Corporate Rules

BCRs: ‘Best case route’ or ‘better call reinforcements’?

General Data Protection Regulation compliance was top of the list for many global corporate legal departments in 2018. As we plan for a world “post- GDPR” and set priorities for next year, what are appropriate next steps to strengthen a company’s privacy regime?

Full article: BCRs: ‘Best case route’ or ‘better call reinforcements’?

The Future of International Data Transfers

With the current focus on the coming into effect of the EU General Data Protection Regulation (GDPR), one could (almost) be forgiven for forgetting about the question of international data flows. However, given the political and legal developments currently affecting the future of international data transfers, that would be a very serious strategic mistake.

Read full article: The Future of International Data Transfers

WP29 brings Binding Corporate Rules in line with the GDPR

On February 6, 2018, the Article 29 Working Party (WP29) adopted updated guidelines on Binding Corporate Rules (“ BCRs “), which replace the previous WP29 working documents 153 and 195 on BCRs and Processor BCRs.

BCRs are one of the permitted data export solutions under European data protection law, allowing members of a corporate group that have committed to a binding and approved set of data protection rules to transfer personal data within their organization (including from inside the European Economic Area to outside of it).

Source: WP29 brings Binding Corporate Rules in line with the GDPR

Luxembourg DPA approves the BCR of PayPal

The PayPal Group has adopted Binding Corporate Rules, which define its global data protection policy with regard to international transfers of personal data. The purpose of these rules is to ensure that the same level of protection as in the EU is provided to employees and clients of PayPal when their personal data are transferred to entities within the same group located outside of the EU.

Source: The CNPD approves the BCR of PayPal — National Commission for Data Protection // Luxembourg

Will companies need to identify new lead supervisory authorities for their UK BCRs?

On Jan. 9, the European Commission’s Directorate-General for Justice and Consumers published a€œ “Notice to Stakeholders” on the intersection of Brexit and EU data protection rules. The guidance clarified, “€œTransfers based on approved standard data protection clauses or on binding corporate rules will not be subject to a further, specific authorisation from a supervisory authority.” One interpretation of this statement is that BCRs currently approved by the U.K. Information Commissioner’€™s Office will continue to be a compliant way to transfer data out of the EU after Brexit officially takes hold.

Source: Will companies need to identify new lead supervisory authorities for their UK BCRs?

UK Information Commissioner Publishes Advice on BCR Applications under the GDPR

On November 20, 2017, the UK Information Commissioner’s Office (“ICO”) published an article on its blog containing advice on applications for Binding Corporate Rules (“BCRs”) to comply with requirements under the EU General Data Protection Regulation (“GDPR”).

Source: UK Information Commissioner Publishes Advice on BCR Applications under the GDPR : : Privacy & Information Security Law Blog

Brexit may invalidate 1 in 4 BCRs … what to do?

Brexit has the potential to invalidate U.K. lead-authorized BCRs. If you don’t know: BCRs are a set of European data protection standards which enable private multinational companies to legally export data belonging to citizens of the European Economic Area (EEA) data.

Source: Brexit may invalidate 1 in 4 BCRs … what to do?

>