EDPB adopts Recommendations on the application for approval and on the elements and principles to be found in Controller Binding Corporate Rules

Nov 15, 2022

Source: European Data Protection Board

During its November plenary, the EDPB adopted Recommendations on the application for approval and on the elements and principles to be found in Controller Binding Corporate Rules (BCR-C). These recommendations form an update of the existing BCR-C referential, which contain criteria for BCR-C approval, and merge it with the standard application form for BCR-C. The new recommendations build upon the agreements reached by data protection authorities in the course of approval procedures on concrete BCR applications since the entering into application of the GDPR. The recommendations provide additional guidance and aim to ensure a level playing field for all BCR applicants. The recommendations also bring the existing guidance in line with the requirements in the CJEU’s Schrems II ruling.

BCR-Cs are a transfer tool that can be used by a group of undertakings or enterprises, engaged in a joint economic activity, to transfer personal data outside the European Economic Area to controllers or processors within the same group. BCRs create enforceable rights and set out commitments to establish a level of data protection essentially equivalent to the one provided by the GDPR.

The aim of these recommendations is to:

provide an updated standard application form for the approval of BCR-Cs;
clarify the necessary content of BCR-Cs and provide further explanation;
make a distinction between what must be included in a BCR-C and what must be presented to the BCR lead data protection authority in the BCR application;

A second set of recommendations for BCR-processors is currently being developed.

The recommendations will be subject to public consultation until 10 January 2023

Recent news

EDPB Launches Data Protection Guide for small business

The EDPB has launched a Data Protection Guide to help small business owners on their way to become more data protection compliant. The Guide aims to raise awareness about the GDPR and to provide practical information to SMEs about GDPR compliance in an accessible and...

read more

Europe Day 2023

Every year in early May we celebrate peace and unity in Europe through Europe Day, to commemorate the signing of the 'Schuman Declaration'. This year, on Saturday 6 May, the EU institutions invite you to a wide range of online and on-site activities across the EU...

read more
A look back at the Privacy Symposium 2023

A look back at the Privacy Symposium 2023

For the second time in a row, the EFDPO was one of the Key Partners of the Privacy Symposium in Venice – an international conference for data protection professionals and enthusiasts from around the world. Privacy Symposium aims to bring together data protection...

read more
Generated by Feedzy