Binding Corporate Rules for processors available to use from 1 January 2013

Data processors will be able to make use of Binding Corporate Rules (BCRs) for processors from 1 January 2013 in order to facilitate international data transfers.

While the EU Data Protection Authorities’ Article 29 Data Protection Working Party decided to launch this system now, it says that using BCR for processors is not obligatory. This way of ensuring privacy in international transfers will, however, bring benefits to both processors and controllers. Once a BCR has been approved, there is no need to negotiate the safeguards every time a contract is entered into.

An application form for submitting a BCR for processors will be made available on the Working Party’s website as well as websites of the national Data Protection Authorities. The application procedure for BCRs for processors will be the same as the one for BCRs for controllers.

The EU DPA’s working document with a detailed description of BCRs for processors.

Everyone at Privacy Laws & Business wishes our readers a Happy New Year and we look forward to keeping you fully informed of data protection law developments during 2013.