New approaches to Binding Corporate Rules – identical mechanisms sought in UK and EU

PL&B and Hogan Lovells has sent the European Data Protection Board a Memorandum on building a common EU and UK BCR framework. The following is the text of the Memo prepared by Eduardo Ustaran, Hogan Lovells, and Stewart Dresner, Privacy Laws & Business.

This memorandum reflects the collective views of the attendees at a workshop session organised jointly by Hogan Lovells and Privacy Laws & Business that took place in London on 12 December 2022. The aim of the workshop session was to identify differences between the current EU BCR approach and the ICO’s new UK version, and to take the initiative to encourage the EDPB and the ICO to have harmonised BCR schemes with mutual recognition in a way that enhances the role of BCR as a model for global data protection.

On 25 July 2022, the ICO published its new approach(1) to the assessment and authorisation of BCR, which is closely modelled on the text of Article 47 of the UK GDPR. The ICO regards BCR as “the gold standard” and declares that “using them demonstrates […] commitment to implementing appropriate safeguards.”

Continue Reading

International Report subscribers, please login to access the full article


If you wish to subscribe, please see our subscription information.