EDPB Adopts Guidance on Controller Binding Corporate Rules

10 months ago AndyC

Listen to this post

On June 30, 2023, the European Data Protection Board (“EDPB”) published

EDPB Adopts Guidance on Controller Binding Corporate Rules
Listen to this post

On June 30, 2023, the European Data Protection Board (“EDPB”) published Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules (Art. 47 GDPR) (the “Recommendations”), which were adopted on June 20, 2023. Binding corporate rules (“BCRs”) are a mechanism for transferring personal data to third countries in accordance with Chapter V of the EU General Data Protection Regulation (“GDPR”), and must be approved by the relevant organization’s lead supervisory authority. BCRs create enforceable rights and set out commitments in order to create, for the personal data transferred under the BCRs, a level of protection essentially equivalent to that provided by the GDPR.

The purpose of the Recommendations is to:

  • Provide a standard form for the application for approval of BCRs for controllers (“BCRs-C”);
  • Clarify the necessary content of BCRs-C as stated in Article 47 of the GDPR;
  • Make a distinction between what must be included in BCRs-C and what must be presented to the BCR’s lead supervisory authority in the application; and
  • Provide explanations and comments on the requirements.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , ,

More Stories

Nebraska Enacts Comprehensive State Privacy Law

Nebraska Enacts Comprehensive State Privacy Law

1 day ago AndyC
Colorado Amends Privacy Act with H.B. 1058, Adding New Protections for Biological and Neural Data

Colorado Amends Privacy Act with H.B. 1058, Adding New Protections for Biological and Neural Data

1 day ago AndyC
UK ICO and Ofcom Joint Statement on Regulation of Online Services

UK ICO and Ofcom Joint Statement on Regulation of Online Services

1 week ago AndyC
HHS Extends Protections for Reproductive Privacy Under HIPAA

HHS Extends Protections for Reproductive Privacy Under HIPAA

2 weeks ago AndyC
Maryland Legislature Passes State Privacy Bill with Robust Requirements and Broad Threshold for Application

Maryland Legislature Passes State Privacy Bill with Robust Requirements and Broad Threshold for Application

2 weeks ago AndyC
CIPL Publishes Report on Enabling Beneficial and Safe Uses of Biometric Technology Through Risk-Based Regulations

CIPL Publishes Report on Enabling Beneficial and Safe Uses of Biometric Technology Through Risk-Based Regulations

2 weeks ago AndyC

You may have missed

Weekly Update 399

Weekly Update 399

7 mins ago AndyC
Ohio Lottery data breach impacted over 538,000 individuals

Ohio Lottery data breach impacted over 538,000 individuals

12 hours ago AndyC
Ohio Lottery data breach impacted over 538,000 individuals

Ohio Lottery data breach impacted over 538,000 individuals

12 hours ago AndyC
Notorius threat actor IntelBroker claims the hack of the Europol

Notorius threat actor IntelBroker claims the hack of the Europol

12 hours ago AndyC
Notorius threat actor IntelBroker claims the hack of the Europol

Notorius threat actor IntelBroker claims the hack of the Europol

12 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.