XpertDPO publishes submission on EDPB Recommendations on Controller Binding Corporate Rules (BCRs)
XpertDPO has provided feedback to the European Data Protection Board (EDPB) on Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules (Art. 47 GDPR).
The EDPB recommendations build upon the agreements reached by data protection authorities during approval procedures on concrete BCR applications since the GDPR came into force. They also bring the existing guidance in line with the requirements in the Court of Justice of the European Union’s Schrems II ruling, providing clarity for controllers relying on Binding Corporate Rules for international data transfers.
XpertDPO welcomes the EDPB’s recommendations and its efforts to ensure a level playing field for all BCR applicants. While the recommendations provide a standard form for the application for approval of BCR for controllers (BCR-C) and clarify the necessary content of a BCR-C, there is still scope for more standardisation to simplify the process for companies considering BCRs as an appropriate safeguard for transfers of personal data to third countries.
XpertDPO’s detailed submission to the public consultation has been published on the EDPB website and can be read here. If you wish to find out more about the approval process for Binding Corporate Rules you can contact XpertDPO at firstname.lastname@example.org or on +353 1 678 8997.