The Article 29 Working Party (WP29) has published updated guidelines on Binding Corporate Rules (BCRs) to reflect the requirements set out in the General Data Protection Regulation (GDPR). The two documents, which replace previous WP29 working papers (WP 153 and WP 195) and remain open for public consultation until January 17, 2018, are:
(i) Working Document setting up a table with the elements and principles to be found in Binding Corporate Rules (WP 256)
(ii) Working Document setting up a table with the elements and principles to be found in Processor Binding Corporate Rules (WP 257)
The two documents include tables setting out the elements and principles to be included in controller BCRs and processor BCRs. These tables have been amended specifically to:
Meet the requirements of Article 47 GDPR
- Clarify the necessary content of BCRs as stated in Article 47 GDPR
- Make the distinction between what must be included in BCRs and what must be presented to the competent supervisory authority in the BCRs application
- Give the principles the corresponding text references in Article 47 GDPR (for controller BCRs)
- Provide further guidance on each of the requirements
Both documents note that Article 47 GDPR is clearly modeled on the working documents relating to BCRs previously adopted by WP29. However, to ensure their compatibility with GDPR, Article 47 does specify new requirements to be considered for adopting new BCRs or updating existing ones.
Continue Reading Article 29 Working Party issues new guidelines for Binding Corporate Rules