fbpx

Download free GDPR compliance checklist!

Tag Archives for " BCR "

EDPB Adopts Information Note on BCRs in Preparation for Brexit

On July 22, 2020, the European Data Protection Board (the “EDPB”) adopted an information note (the “Note”) to assist organizations relying on Binding Corporate Rules (“BCRs”) for international personal data transfers, as well as supervisory authorities, in preparing for the end of the Brexit implementation period on December 31, 2020.

The Note is provided specifically for those groups of undertakings and enterprises that have the UK Information Commissioner’s Office (“ICO”) as the competent supervisory authority for their BCRs.

Source: EDPB Adopts Information Note on BCRs in Preparation for Brexit

EDPB clarifies Brexit obligations for holders of Binding Corporate Rules which have the UK ICO as their lead authority

On July 22, 2020, the European Data Protection Board (EDPB) released an information note on Binding Corporate Rules (BCRs), which provides guidance for groups of undertakings/enterprises which have the UK Information Commissioner’s Office (ICO) as their competent supervisory authority.

As a consequence of Brexit, BCR holders having the ICO as their BCR Lead Supervisory Authority (SA) need to identify a new BCR Lead SA in the EEA  and must amend their BCRs before the end of the Brexit transition period.

Source: EDPB clarifies Brexit obligations for holders of Binding Corporate Rules which have the UK ICO as their lead authority

EDPB releases information note in the event of a “No-deal Brexit”

On February 12, 2019, the European Data Protection Board (“EDPB”) published two information notes to highlight the impact of a so-called “No-deal Brexit” on data transfers under the EU General Data Protection Regulation (“GDPR”), as well as the impact on organizations that have selected the UK Information Commissioner (“ICO”) as their “lead supervisory authority” for their “Binding Corporate Rules” (“BCRs”).

Source: EDPB releases information note in the event of a “No-deal Brexit”

Argentina DPA Issues Guidelines on Binding Corporate Rules

The Agency of Access to Public Information ( Agencia de Acceso a la Información Pública ) (“AAIP”) has approved a set of guidelines for binding corporate rules (“BCRs”), a mechanism that multinational companies may use in cross-border data transfers to affiliates in countries with inadequate data protection regimes under the AAIP.

Full article: Argentina DPA Issues Guidelines on Binding Corporate Rules

BCRs: ‘Best case route’ or ‘better call reinforcements’?

General Data Protection Regulation compliance was top of the list for many global corporate legal departments in 2018. As we plan for a world “post- GDPR” and set priorities for next year, what are appropriate next steps to strengthen a company’s privacy regime?

Full article: BCRs: ‘Best case route’ or ‘better call reinforcements’?

The Future of International Data Transfers

With the current focus on the coming into effect of the EU General Data Protection Regulation (GDPR), one could (almost) be forgiven for forgetting about the question of international data flows. However, given the political and legal developments currently affecting the future of international data transfers, that would be a very serious strategic mistake.

Read full article: The Future of International Data Transfers

WP29 brings Binding Corporate Rules in line with the GDPR

On February 6, 2018, the Article 29 Working Party (WP29) adopted updated guidelines on Binding Corporate Rules (“ BCRs “), which replace the previous WP29 working documents 153 and 195 on BCRs and Processor BCRs.

BCRs are one of the permitted data export solutions under European data protection law, allowing members of a corporate group that have committed to a binding and approved set of data protection rules to transfer personal data within their organization (including from inside the European Economic Area to outside of it).

Source: WP29 brings Binding Corporate Rules in line with the GDPR

Luxembourg DPA approves the BCR of PayPal

The PayPal Group has adopted Binding Corporate Rules, which define its global data protection policy with regard to international transfers of personal data. The purpose of these rules is to ensure that the same level of protection as in the EU is provided to employees and clients of PayPal when their personal data are transferred to entities within the same group located outside of the EU.

Source: The CNPD approves the BCR of PayPal — National Commission for Data Protection // Luxembourg

Will companies need to identify new lead supervisory authorities for their UK BCRs?

On Jan. 9, the European Commission’s Directorate-General for Justice and Consumers published a€œ “Notice to Stakeholders” on the intersection of Brexit and EU data protection rules. The guidance clarified, “€œTransfers based on approved standard data protection clauses or on binding corporate rules will not be subject to a further, specific authorisation from a supervisory authority.” One interpretation of this statement is that BCRs currently approved by the U.K. Information Commissioner’€™s Office will continue to be a compliant way to transfer data out of the EU after Brexit officially takes hold.

Source: Will companies need to identify new lead supervisory authorities for their UK BCRs?

UK Information Commissioner Publishes Advice on BCR Applications under the GDPR

On November 20, 2017, the UK Information Commissioner’s Office (“ICO”) published an article on its blog containing advice on applications for Binding Corporate Rules (“BCRs”) to comply with requirements under the EU General Data Protection Regulation (“GDPR”).

Source: UK Information Commissioner Publishes Advice on BCR Applications under the GDPR : : Privacy & Information Security Law Blog

>