Tag Archives for " BCR "

Luxembourg DPA approves the BCR of PayPal

The PayPal Group has adopted Binding Corporate Rules, which define its global data protection policy with regard to international transfers of personal data. The purpose of these rules is to ensure that the same level of protection as in the EU is provided to employees and clients of PayPal when their personal data are transferred to entities within the same group located outside of the EU.

Source: The CNPD approves the BCR of PayPal — National Commission for Data Protection // Luxembourg

Will companies need to identify new lead supervisory authorities for their UK BCRs?

On Jan. 9, the European Commission’s Directorate-General for Justice and Consumers published a€œ “Notice to Stakeholders” on the intersection of Brexit and EU data protection rules. The guidance clarified, “€œTransfers based on approved standard data protection clauses or on binding corporate rules will not be subject to a further, specific authorisation from a supervisory authority.” One interpretation of this statement is that BCRs currently approved by the U.K. Information Commissioner’€™s Office will continue to be a compliant way to transfer data out of the EU after Brexit officially takes hold.

Source: Will companies need to identify new lead supervisory authorities for their UK BCRs?

UK Information Commissioner Publishes Advice on BCR Applications under the GDPR

On November 20, 2017, the UK Information Commissioner’s Office (“ICO”) published an article on its blog containing advice on applications for Binding Corporate Rules (“BCRs”) to comply with requirements under the EU General Data Protection Regulation (“GDPR”).

Source: UK Information Commissioner Publishes Advice on BCR Applications under the GDPR : : Privacy & Information Security Law Blog

Brexit may invalidate 1 in 4 BCRs … what to do?

Brexit has the potential to invalidate U.K. lead-authorized BCRs. If you don’t know: BCRs are a set of European data protection standards which enable private multinational companies to legally export data belonging to citizens of the European Economic Area (EEA) data.

Source: Brexit may invalidate 1 in 4 BCRs … what to do?

>