Expert Advice Community

Guest

Binding Corporate rules

  Quote
Guest
Guest user Created:   Dec 02, 2021 Last commented:   Dec 09, 2021

Binding Corporate rules

Appreciate your support to answer below questions 1. If a company is based in non-European country wants to transfer European data to non-European country, what are GDPR requirements 2. Does a company need to create binding corporate rules if it has only one branch 3. Is there any available approved binding corporate rules approved by authorities to be followed
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Dec 09, 2021

If a company is based in non-European country wants to transfer European data to non-European country, what are GDPR requirements?


GDPR requirements for the transfer of data outside the EU are listed in Chapter V GDPR and require to the data controller to ensure that the level of data protection offered by the GDPR is not undermined. The steps are the following:
1. Verify if the destination country benefits from an adequate decision of the EU Commission. If so, you can proceed with the data transfer. Here you can find the countries with adequacy decisions: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
2. If the country importing EU data is not included you need to assess the security of the country and select another transfer mechanism like the Standard Contractual Clauses (SCC) which incorporates the requirements of the EU GDPR.  https://info.advisera.com/eugdpracademy/free-download/standard-contractual-clauses-annexes
 

Does a company need to create binding corporate rules if it has only one branch?


No, the mechanism of approval of Binding corporate rules is long and complex and requires approval from the Supervisory Authority or the European Commission. Usually, large multinational company groups require the approval of Binding Corporate Rules (BCR), while many companies (included large tech companies, like Google) prefer the Standard Contractual Clauses.

Is there any available approved binding corporate rules approved by authorities to be followed


Yes, I believe you can find it on the web, but the BCR adapts to the structure of the company, is tailored to the processing and transfers.

Here you can find more information about data transfer:
3 steps for data transfers according to GDPR https://advisera.com/eugdpracademy/knowledgebase/3-steps-for-data-transfers-according-to-gdpr/
EU GDPR Foundations Course: https://training.advisera.com/course/eu-gdpr-foundations-course/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Dec 02, 2021

Dec 09, 2021