EDPB introduced a complaint template and updated recommendations on Binding Corporate Rules for Controllers to streamline cross-border data protection cases.
BCR
On July 22, 2020, the European Data Protection Board (the “EDPB”) adopted an information note (the “Note”) to assist organizations relying on Binding Corporate Rules (“BCRs”) for international personal data transfers, as well as supervisory authorities, in preparing for the end of the Brexit implementation period on December 31, 2020. The Note is provided specifically […]
On July 22, 2020, the European Data Protection Board (EDPB) released an information note on Binding Corporate Rules (BCRs), which provides guidance for groups of undertakings/enterprises which have the UK Information Commissioner’s Office (ICO) as their competent supervisory authority. As a consequence of Brexit, BCR holders having the ICO as their BCR Lead Supervisory Authority […]
On February 12, 2019, the European Data Protection Board (“EDPB”) published two information notes to highlight the impact of a so-called “No-deal Brexit” on data transfers under the EU General Data Protection Regulation (“GDPR”), as well as the impact on organizations that have selected the UK Information Commissioner (“ICO”) as their “lead supervisory authority” for […]
The Agency of Access to Public Information ( Agencia de Acceso a la Información Pública ) (“AAIP”) has approved a set of guidelines for binding corporate rules (“BCRs”), a mechanism that multinational companies may use in cross-border data transfers to affiliates in countries with inadequate data protection regimes under the AAIP. Full article: Argentina DPA […]
General Data Protection Regulation compliance was top of the list for many global corporate legal departments in 2018. As we plan for a world “post- GDPR” and set priorities for next year, what are appropriate next steps to strengthen a company’s privacy regime? Full article: BCRs: ‘Best case route’ or ‘better call reinforcements’?
With the current focus on the coming into effect of the EU General Data Protection Regulation (GDPR), one could (almost) be forgiven for forgetting about the question of international data flows. However, given the political and legal developments currently affecting the future of international data transfers, that would be a very serious strategic mistake. Read […]
On February 6, 2018, the Article 29 Working Party (WP29) adopted updated guidelines on Binding Corporate Rules (“ BCRs “), which replace the previous WP29 working documents 153 and 195 on BCRs and Processor BCRs. BCRs are one of the permitted data export solutions under European data protection law, allowing members of a corporate group […]
The PayPal Group has adopted Binding Corporate Rules, which define its global data protection policy with regard to international transfers of personal data. The purpose of these rules is to ensure that the same level of protection as in the EU is provided to employees and clients of PayPal when their personal data are transferred […]
On Jan. 9, the European Commission’s Directorate-General for Justice and Consumers published a “Notice to Stakeholders” on the intersection of Brexit and EU data protection rules. The guidance clarified, “Transfers based on approved standard data protection clauses or on binding corporate rules will not be subject to a further, specific authorisation from a supervisory authority.” […]
1 2