EU DPAs and APEC take a step towards mutual recognition of BCR/CBPR

The EU Data Protection Authorities and the Asia-Pacific Economic Cooperation (APEC) economies have issued a checklist on the requirements that companies need to consider when applying for authorization of Binding corporate Rules (BCR) and/or certification of APEC’s Cross-border Privacy Rules (CBPR).

The document will serve as an informal pragmatic checklist for organizations, and will facilitate the design and adoption of personal data protection policies compliant with each of the systems, the two bodies say.

The document, prepared jointly by APEC officials and the EU Art. 29 Data Protection Working Party, shows that there is considerable overlap between the two systems. Companies cannot achieve mutual recognition of both systems just by taking on-board the suggestions in this document, but it could serve as a basis for double certification.

The document was endorsed by APEC Senior Officials at their meeting of 27-28 February 2014, and the EU Data Protection Working Party adopted an opinion/working document on 26 February 2014.

See the checklist.