Building a common EU and UK BCR framework
12 December 2022
Hogan Lovells, London
Overview
Considering adopting Binding Corporate Rules for your organisation?
Date: Monday 12 December 2022
Times: 09.30 to 15.30
Location: Hogan Lovells, London
Type: In-person only
CPE Credits: up to 4
Objective: The main objective of this event is to identify differences between the current EU BCRs and the ICO’s new UK version, and to take the initiative to encourage the ICO and the European Data Protection Board (EDPB) to have harmonised BCR schemes with mutual recognition in a way that enhances the role of BCRs as a model for global data protection.
The starting point is the ICO’s new approaches to BCRs published on 25 July, so we need to understand what is new and what has changed. The ICO regards BCRs as “the gold standard” and declares “Using them demonstrates …. commitment to implementing appropriate safeguards.” To what extent is the new approach simpler and less time-consuming?
In parallel, the EDPB is seeking to refresh its own approach to BCR authorisations in order to hopefully streamline the process further, while in the UK, the Government is looking at the most appropriate model to facilitate international data flows in a way that still provides for the protection of personal data.
Issues to be discussed will include, does the ICO’s new approach respond sufficiently to the common view that BCRs are very time-consuming and expensive? What should be further improved so that BCRs can more easily be adopted by far more organisations? What needs to be done to achieve compatible UK and EU BCR schemes?
The output from this event will be a memo to policy makers and regulators which will be drafted by host firm lawyers, in cooperation with Privacy Laws & Business, and provide a record of the participants’ policy recommendations. The rationale is that companies would much prefer one set of BCRs to cover transfers from both the European Economic Area and the UK. This paper will not attribute comments to individuals nor their organisations but provide their sector if relevant to the context. This memo will also be sent to all the participants, in both draft for comments and final form, so they know that their substantive views have been recorded and submitted to the relevant parties.
Programme | |
09.30 | Registration |
10.00 |
A new UK perspective on BCRs
Speakers:
Chair: Stewart Dresner, Founder and Chief Executive, Privacy Laws & Business |
11.30 | Break |
11.45 |
Building a common EU and UK BCR framework
Speakers:
Chair: Stewart Dresner, Founder and Chief Executive, Privacy Laws & Business |
13.15 | Lunch |
14.00 |
Confidential exchange of practical experience This session will allow companies and lawyers, without ICO participation, to confidentially discuss and share experience on applying for and using BCRs. This will help ensure a problem-solving approach to drafting the Memo to the ICO and practical action points. |
15.30 | Close |