Processing personal data in Europe? New Binding Corporate Rules for data processors since 1 January 2013

more+
less-
more+
less-

On 1 January 2013, over 4 years after the idea was first discussed, new Binding Corporate Rules (BCRs) for data processors were launched following a meeting of European data protection authorities.

BCRs are internal codes of conduct which companies within a group can "sign up to" regarding data privacy and security to ensure that transfers of personal data outside of Europe will meet European rules on data protection. Whilst BCRs have been an option for data controllers to ensure compliant transfers from Europe for some time, the introduction of BCRs for processors have been welcomed with open arms by both data controllers and data processors alike.

As a result of this change, processors, such as IT outsourcing providers, cloud providers and data centre providers, who implement BCRs will be able to receive data in Europe from their controller clients and then transfer that data within their group, outside of Europe, whilst complying with European privacy rules. For processors who choose BCRs to ensure compliance, this development could significantly reduce managerial time (and paper) spent negotiating often complicated, data protection safeguards for each and every data processing activity they carry out, whilst also doing away with the supervision associated with such contracts once they are up and running. At the same time, this development offers controllers' clients comfort in the sense that controllers will be able to more simply demonstrate that their processing activities comply with European laws by pointing to an approved set of BCRs.

Whilst the use of BCRs for processors is not obligatory, it is expected that they will be widely utilised, particularly because processors will be able to take advantage of the mutual recognition application procedure, applying to one lead data protection authority in Europe to approve their BCR application.

In short, if you are processing data in Europe (or controlling and processing such data), this new, "hot of the press" development may offer the opportunity for considerable cost savings for your business, reduce managerial headaches and help you position yourself as a more attractive option to potential clients in a competitive marketplace.

Topics:  BCRs, Data Protection, EU Data Protection Laws

Published In: International Trade Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Pillsbury Global Sourcing Practice | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »