Cross Border Transfer Mechanisms : Binding Corporate Rules
Outside of consent and contract there are number of mechanisms that a company can use to transfer (cross border) personal data from the EU to outside of the EU. One of those mechanisms is Binding Corporate Rules (BCRs).
BCRs were developed by the Art. 29 Data Protection Working Party as a transfer mechanism that permits multinational groups to create a contractual instrument that corresponds to their specific data processing needs.
Application
(a) Must be uniform throughout organization.
(b) Must be enforceable by data subject.
(c) Must indicate clear cooperation with DPA (Data Protection Authority).
(d) Multinational companies must seek the approval of each DPA located in the country where the data is transferred from.
Pros
BCRs allow data transfers to entities located in third countries, irrespective of whether the country can provide for an adequate level of data protection or not.
Cons
BCRs do not apply to transfers to external sub-processors (outside of the group), so that adequate protection for transfers must be achieved by other legal means.
Attached you will find the BCRs planning tool kit.
Comments
Post a Comment
all comments to this blog are moderated