Privacy Officers Network
08 July 2004
Cambridge, UK
Overview
How companies negotiate Binding Corporate Rules schemes with the EU Data Protection Authorities
Welcome and Introduction
Melanie Shillito, JPMorgan Chase & EPON chair
Binding Corporate Rules
Lokke Moerel, De Brauw Blackstone Westbroek, Amsterdam. Lokke has successfully negotiated BCR schemes with the Netherlands Data Protection Commissioner for five multinational companies, including Shell, Heineken and Philips Electronics.
- Introduction: Mitigating your business risks by adopting Binding Corporate Rules
- Difficulties in drafting the processing rules
- Transfers outside the group company
- Compelling business interests
- How do you make the rules "Binding"?
  - a) Internally
  - b) Externally
- Rules of private international law
- Additional rights and remedies
Outsourcing/Insourcing
- Ongoing monitoring / Compliance gaps
- Insourcing (the service provider angle)
- Developing outsourcing guidelines
- Assessing compliance at the vendor selection stage
Investigations/audits by data protection authorities
- Purpose behind inspection
- Inspection process
Subject Access Requests
- General issues (number and frequency of requests, duration of requests, staffing issues, etc.)
- Resolving problematic access requests