Binding corporate rules
Encyclopedia
Binding Corporate Rules or "BCRs" were developed by the European Union
Article 29 Working Party
to allow multinational corporation
s, international organizations and groups of companies to make intra-organizational transfers of personal data across borders in compliance with EU Data Protection Law. The BCRs were developed as an alternative to the USA/EU Safe Harbor (which is for USA organizations only) and the EU Model Contract Clauses.
BCRs are required to be approved by the data protection authority in each EU Member State (such as the Information Commissioner's Office in the United Kingdom
) in which the organization will rely on the BCRs. The EU has developed a mutual recognition process under which BCRs approved by one member state's data protection authority (known as the "lead" authority) may be approved by the other relevant member states who may make comments and ask for amendments.
BCRs typically form a stringent, intra-corporate global privacy policy that satisfies EU standards and may be available as an alternative means of authorizing transfers of personal data (e.g., customer databases, HR information, etc.) outside of Europe.
BCRs should be seen as a framework having different elements (Internal legal agreement, Policies, training, audit, etc.) providing compliance with EU data protection regulations and effective Privacy / Data Protection.
The Article 29 Working Party issued several guidance documents on BCR content, acceptance criteria and submission process.
BCR's by themselves do not "authorize" all transfers automatically for all EU member states. Most of member states still require a formal "transfer notification" which is normally granted if the BCR has been accepted by the relevant country.
European Union
The European Union is an economic and political union of 27 independent member states which are located primarily in Europe. The EU traces its origins from the European Coal and Steel Community and the European Economic Community , formed by six countries in 1958...
Article 29 Working Party
Article 29 Working Party
The Article 29 Working Party is made up of a representative from the data protection authority of each EU Member State, the European Data Protection Supervisor and the European Commission...
to allow multinational corporation
Corporation
A corporation is created under the laws of a state as a separate legal entity that has privileges and liabilities that are distinct from those of its members. There are many different forms of corporations, most of which are used to conduct business. Early corporations were established by charter...
s, international organizations and groups of companies to make intra-organizational transfers of personal data across borders in compliance with EU Data Protection Law. The BCRs were developed as an alternative to the USA/EU Safe Harbor (which is for USA organizations only) and the EU Model Contract Clauses.
BCRs are required to be approved by the data protection authority in each EU Member State (such as the Information Commissioner's Office in the United Kingdom
United Kingdom
The United Kingdom of Great Britain and Northern IrelandIn the United Kingdom and Dependencies, other languages have been officially recognised as legitimate autochthonous languages under the European Charter for Regional or Minority Languages...
) in which the organization will rely on the BCRs. The EU has developed a mutual recognition process under which BCRs approved by one member state's data protection authority (known as the "lead" authority) may be approved by the other relevant member states who may make comments and ask for amendments.
BCRs typically form a stringent, intra-corporate global privacy policy that satisfies EU standards and may be available as an alternative means of authorizing transfers of personal data (e.g., customer databases, HR information, etc.) outside of Europe.
BCRs should be seen as a framework having different elements (Internal legal agreement, Policies, training, audit, etc.) providing compliance with EU data protection regulations and effective Privacy / Data Protection.
The Article 29 Working Party issued several guidance documents on BCR content, acceptance criteria and submission process.
BCR's by themselves do not "authorize" all transfers automatically for all EU member states. Most of member states still require a formal "transfer notification" which is normally granted if the BCR has been accepted by the relevant country.