The German data protection commissioner has recently approved the Binding Corporate Rules (BCRs) of Deutsche Post DHL. This permits the company to transmit personal data internationally in accordance with its privacy policy without having to seek consent from data subjects on an individual basis.
What are Binding Corporate Rules?
BCRs are a set of rules adopted within a particular company or corporate group that provide legally binding protections for data processing within the company or group to cover global data transfers.
Advantages of Binding Corporate Rules
Under the Data Protection Act personal data cannot be transferred to countries outside of the EEA, unless the receiving country has adequate protection. To date only Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and Japan have been deemed “adequate” and US companies are accepted as having equivalent protections if registered under the Safe Harbor regime.
For large businesses with complex corporate structures and numerous cross border data transfers outside of the EU, BCRs can be a real alternative.
Disadvantages of Binding Corporate Rules
Currently only a small number of global companies have implemented BCRs as the rules have to be accepted by each individual EU country’s data protection commissioner. There is also a considerable cost involved and the whole procedure is time consuming and can last a number of years.
Help
Irene Bodle is an IT lawyer specialising in SaaS agreements with over 10 years experience in the IT sector. If you require assistance with any SaaS, ASP, software on demand contracts or any other IT legal issues contact me:
irene.bodle@bodlelaw.com
www.bodlelaw.com
To register for my newsletter click here
______________________________________________________
Other related articles:
- SaaS Agreements – Data Protection – New Proposed EU Rules Part 2
- SaaS Agreements – Data Protection – New Proposed EU Rules Part 1
- SaaS, ASP Agreement – Data Protection – Data Commissioner Imposes First Fines in UK
- SaaS, ASP Agreement – Data Protection – Data Commissioner Imposes Further Fines
- SaaS, ASP Agreement – Data Protection – Data Stored in the USA
- Website Legal Requirements – Data Commissioner Fines for unsolicited E-mails
- SaaS, ASP Agreements – FAQs – Data Protection
- SaaS, ASP Agreements – Data Protection, Sub-Contractors & Model Clauses
- SaaS, ASP Agreements – Data Protection – Liability for Loss of Backup Tapes
- SaaS, ASP Agreements – Data Protection and Safe Harbor, Issues with German Customers
- SaaS, ASP Agreements – Data Protection – Transfer of Data Outside the EEA
- SaaS, ASP Agreements – Essential Elements
- SaaS Agreements – SLAs Explained – Essential Elements
- SaaS Agreements – Need for an NDA Prior to Signing a SaaS Agreement
- SaaS, ASP Agreements – FAQs – Confidential Information
- SaaS, ASP Agreements – FAQs – Security
- SaaS, ASP Agreements – FAQs – Software Licence
- SaaS, ASP Agreements – FAQs – Source Code and Object Code
- SaaS, ASP Agreements – FAQs – Escrow
- Cloud Computing and the Legal Cloud
- SaaS, ASP Agreements, Software on Demand – Confused?