Tag Archives for " BCR "

WP29 brings Binding Corporate Rules in line with the GDPR

On February 6, 2018, the Article 29 Working Party (WP29) adopted updated guidelines on Binding Corporate Rules (“ BCRs “), which replace the previous WP29 working documents 153 and 195 on BCRs and Processor BCRs.

BCRs are one of the permitted data export solutions under European data protection law, allowing members of a corporate group that have committed to a binding and approved set of data protection rules to transfer personal data within their organization (including from inside the European Economic Area to outside of it).

Source: WP29 brings Binding Corporate Rules in line with the GDPR

Luxembourg DPA approves the BCR of PayPal

The PayPal Group has adopted Binding Corporate Rules, which define its global data protection policy with regard to international transfers of personal data. The purpose of these rules is to ensure that the same level of protection as in the EU is provided to employees and clients of PayPal when their personal data are transferred to entities within the same group located outside of the EU.

Source: The CNPD approves the BCR of PayPal — National Commission for Data Protection // Luxembourg

Will companies need to identify new lead supervisory authorities for their UK BCRs?

On Jan. 9, the European Commission’s Directorate-General for Justice and Consumers published a€œ “Notice to Stakeholders” on the intersection of Brexit and EU data protection rules. The guidance clarified, “€œTransfers based on approved standard data protection clauses or on binding corporate rules will not be subject to a further, specific authorisation from a supervisory authority.” One interpretation of this statement is that BCRs currently approved by the U.K. Information Commissioner’€™s Office will continue to be a compliant way to transfer data out of the EU after Brexit officially takes hold.

Source: Will companies need to identify new lead supervisory authorities for their UK BCRs?

UK Information Commissioner Publishes Advice on BCR Applications under the GDPR

On November 20, 2017, the UK Information Commissioner’s Office (“ICO”) published an article on its blog containing advice on applications for Binding Corporate Rules (“BCRs”) to comply with requirements under the EU General Data Protection Regulation (“GDPR”).

Source: UK Information Commissioner Publishes Advice on BCR Applications under the GDPR : : Privacy & Information Security Law Blog

Brexit may invalidate 1 in 4 BCRs … what to do?

Brexit has the potential to invalidate U.K. lead-authorized BCRs. If you don’t know: BCRs are a set of European data protection standards which enable private multinational companies to legally export data belonging to citizens of the European Economic Area (EEA) data.

Source: Brexit may invalidate 1 in 4 BCRs … what to do?

>