Applying Binding Corporate Rules in transfers of data
As of 1 October 2015 Binding Corporate Rules (BCR) have to be applied. What is BCR? Internal rules adopted by a multinational group of companies which define its global policy with regard to the international transfers of personal data within the same corporate group to entities located in countries which don’t provide an adequate level of protection (article 26 (2) of the Directive 95/46/CE). Once approved under the EU cooperation procedure, BCR provide a sufficient level of protection. For an adequate level of protection, the rules must contain the obligation to comply with the BCR and basic principles of data protection, third party rights, damages rules for the case the BCR are infringed and tools that ensure its efficiency. Companies need to have their compliance with BCR checked with both internal and external audits. Data protection authorities have the right to revoke the BCR approval if a company doesn’t cooperate. It is the company’s task to ask for the authorities’ approval of the BCR and the company has to pay a fee for having their BCR approved. Companies’ applications for approval have to contain the data affected by data management, the BCR plan and the data verifying the binding nature of the BCR.
Related news
Related news
The benefits of ESG are slowly emerging
The number of people interested in the new ESG regulation,…
Read more >The latest issue of Trade magazin is out now!
This time the digital version has been extended to 184…
Read more >Industrial production has decreased in Hungary: the NGM urges the reduction of German dependence
According to the latest data of the Central Statistical Office…
Read more >