At the end of July, and so with only five months remaining until the end of the transition period, the European Data Protection Board (EDPB) issued an information note for companies that have the ICO as their lead authority as to the steps that they need to take in order to move their Binding Corporate Rules (BCR) application, or approved BCR, to an European Economic Area (EEA) supervisory authority (SA)(1).

The guidance reflects the rigorous stance of the EDPB in relation to BCR, and its clear message is that the top priority for any company that has the ICO as its lead authority is to set in motion as quickly as possible the move to a new EEA lead SA so that the formalities associated with the move may be completed before the end of the transition period.