In This Issue
Discussions continue on revised data protection regime
Self checks: Data Protection Regulation introduces Impact Assessments
Binding Corporate Rules for Data Processors
Facebook Report of Re-Audit: more pokes than likes
Don't get caught out: an overview of Data Protection Audits
Commissioner gets tough on direct marketing
Use or abuse of a data access request?

For further information, please contact John O'Connor, Yvonne Cunnane or Andreas Carney at Matheson.

john.oconnor@matheson.com 
yvonne.cunnane@matheson.com
andreas.carney@matheson.com

Learn more about the Technology and Commercial Contracts Group.

The only Irish law firm to be commended for corporate strategy Financial Times Innovative Lawyers Report 2012

Client Choice Award 2012 Winner, International Law Office

Archive
Technology and Commercial Contracts Ezine September 2012
Technology and Commercial Contracts Ezine October 2011
Technology and Commercial Contracts Ezine March 2011
Technology and Commercial Contracts Ezine December 2010

View More »
What we do
Asset Management and Investment Funds
Aviation and Asset Finance
Banking and Financial Services
Commercial Litigation and Dispute Resolution
Commercial Property
Corporate
Corporate Restructuring and Insolvency
Employment, Pensions and Benefits
Environmental and Planning
EU, Competition and Regulatory
Healthcare
Insurance
Intellectual Property
International Business
Media and Entertainment
Private Client
Projects, Energy and Construction
Shipping
Structured Finance and Derivatives
Tax
Technology and Commercial Contracts
Telecommunications
Binding Corporate Rules for Data Processors
The use of binding corporate rules (BCRs) as a means of legitimately transferring personal data out of Europe has been available to data controllers for some time.  This option is now available (with effect from 1 January 2013) to data processors as confirmed by a recent press release of the Article 29 Working Party.

BCRs comprise a set of rules that mirror EU data protection requirements which, once they are approved by relevant data protection authorities, enable the legitimate transfer of personal data out of Europe between members of a corporate group that agree to be bound by them.

The Working Party has acknowledged that such BCRs will enable a relevant data controller to demonstrate an adequate level of protection of personal data transferred under them.  This is welcome as data controllers continue to be legally responsible for the protection of personal data even where they engage third-party data processors to carry out processing activities.  

In 2012 the Working Party had published a table of conditions that data processor BCRs need to satisfy and an application form to be used when applying for approval from relevant data protection authorities.
Facebook Twitter LinkedIn
Email Newsletter Software by Newsweaver