Binding Corporate Rules Data Processing Agreement

One problem that was raised in AP 74 and which has proven to be a problem in practice is that, in some Member States, national law does not allow the concept of unilateral declarations. On this basis, some applications are structured to address how the BBC is binding across the group. In these cases, the applicant may be required to find an alternative solution, which may be imposed by the legislation of the Member State concerned, to meet this requirement. This is the type of issue that will have been discussed with the data protection authority before a request is distributed as part of the cooperation process. CSC is well suited to organizations that are likely to participate in data sharing between the two parties and internal transfers of personal data for which processing is easy. You must choose a data protection authority (DPD) as your lead authority. Your choice of the leading authority depends on the location of your company`s headquarters in the European Union or the location in Europe of the part of your company that is best placed to take responsibility for global data protection compliance. The detailed criteria for choosing the lead authority are included in the group`s contributions (see below). In addition to its function as a transmission mechanism.

BCRs offer several advantages to business groups. It is a way to formalize and publicize the group`s privacy management program. In order to show regulators, employees, customers and partners that the organization takes responsibility for the security of personal data and allows transparency by indicating how it processes data within the group. He puts everyone on the same side! After compliance, BCRs help promote a culture of safe and responsible data usage across the group. Step 2: If binding business rules are the guarantee of choice, the process to be followed must be in accordance with the RGPD. Although companies may have relied on BBCRs prior to the PDMP, changes have been made to the process and companies should be up to date with the process and carry out the necessary revisions to maintain compliance with the RGPD. Monique Magalhaes is DP`s leader and moderator for data protection and information governance at Galaxkey, a company specializing in data protection and security solutions. She is a researcher, author of technology and security. Compelling business rules or BCRs are not new.

However, with the RGPD, the attractiveness of having binding business rules is much higher than for international organizations, which greatly facilitates cross-border data transmission.

Comments are closed.