Download This PaperBCRs: ‘Best Case Route’ or ‘Better Call Reinforcements’?
3 Pages Posted: 14 Jun 2019
Date Written: November 27, 2018
Abstract
General Data Protection Regulation compliance was top of the list for many global corporate legal departments in 2018. As we plan for a world "post-GDPR" and set priorities for next year, what are appropriate next steps to strengthen a company’s privacy regime? Should a company react to worldwide privacy developments as they come, or is there a way to include biding corporate rules as part of a comprehensive and scalable privacy program?
Binding corporate rules are known as the “gold standard” for data protection. So far only 132 companies have obtained approved BCRs, which allows them to simplify transnational data flows, harmonize their data management and governance processes and, perhaps most importantly, stand out among peers and utilize privacy as a competitive differentiator. On the other hand, BCRs are not the right choice for all companies and have their disadvantages; notably a long, costly and potentially grueling approval process with the lead supervisory authority.
This article provides a high-level overview of BCRs and points out pros and cons to assist privacy professionals in developing a strategic approach to privacy, which may in certain cases include BCRs.
Keywords: Binding Corporate Rules, BCR, GDPR, Global Data Transfers, Trans-border Data Flows, Privacy Program, Global Compliance, Personal Data
Suggested Citation: Suggested Citation