The TRUSTe-Promontory BCR (Binding Corporate Rules) Management Program helps multinationals manage and comply with international data transfer requirements, extending your global privacy strategy. Visit http://www.truste.com/products-and-services/enterprise-privacy/binding-corporate-rules
Binding Corporate Rules (BCR) Management Program
EU law imposes restrictions on the transfer of data between the European Economic Area (EEA) and the
rest of the world. This includes internal transfers of personal data such as employee or customer
information within a corporate group. If your company does business or has employees in the EEA then
you need to demonstrate compliance with EU privacy and data protection standards. Ways to achieve
this include:
• Binding Corporate Rules authorization, enabling you to transfer data freely within your corporate group
• Using a matrix of contracts incorporating Model Contract Clauses for data transfers within your corporate group
• Using EU Safe Harbor for data transfers from the EEA to the US. May not be an option for certain transfers, e.g. cloud transfers, going forward
What are Binding Corporate Rules?
BCRs are internal rules adopted by multinational companies to facilitate
the intra-organizational transfer of personal data from group companies
within the EEA to group companies located outside the EEA. BCRs
were developed by the Article 29 Working Party as a solution to enable
large organizations with a global presence to transfer personal data
freely across the corporate group in accordance with the European Data
Protection Directive 95/46/EC.
BCRs are widely recognised across most EEA member states, the
majority of which participate in the mutual recognition procedure
designed to deliver a streamlined BCR approval process through a lead
data protection authority.
The proposed European General Data Protection Regulation provides
a stronger legal basis for the use of BCRs to make international data
transfers, and would extend the scope of lead data protection authority
mutual recognition to all EU member states, which is expected to
generate increased adoption of BCRs.
Advantages of BCRs
• Provide a sustainable framework for a range of intra-group data transfers
• Help an organization achieve an elevated and consistent level of data protection compliance and accountability, by ensuring that all group entities work towards enhanced data handling standards
• Strengthen an organization’s brand, in the eyes of customers, third parties and regulators, by providing evidence of commitment to data protection compliance
• Help to reduce administrative complexity which can occur when using model contract clauses
• More comprehensive than EU Safe Harbor
Why Choose the TRUSTe-Promontory BCR Management Program?
The cost of BCR adoption has typically been substantial and many organizations currently see the
application process as complicated, lengthy and expensive. The TRUSTe-Promontory BCR Management
Program is designed to make it quicker, simpler and more affordable for businesses to prepare for
compliance with the Binding Corporate Rules (BCRs) regime, apply for authorization from their data
protection authority to use BCRs for international data transfers within their organization, and
self-certify their ongoing BCR compliance through the program.
Learn more: truste.com/bcr
Managing the compliance challenges of international data transfers
21 Support Mutual Recognition of BCR Decisions
28 Recognize BCRs
30 EEA Member States
What Can the Program Do for Your Organization?
Reduce administrative burden
• Delivery of a streamlined and consistent BCR framework to facilitate a broad range of intra-group data transfers
• Oversight and management of the BCR application process, including pre-submission review and regulatory liaison with data protection authorities as part of the approval process
Cost management
• Pre-program suitability assessment to ensure compatibility of the organization’s structure and data protection compliance framework with BCR adoption
• Project-based pricing structure reducing the risk of resource over-spend
• Delivering efficiencies by building on a proven BCR framework
Technical expertise
• Promontory’s experience of privacy and data protection regulation in Europe and across the globe
• TRUSTe’s global privacy expertise and leading-edge certification practice
Demonstrate on-going compliance
• Annual attestation of compliance with the BCR commitments and corresponding trust mark to demonstrate on-going organizational compliance with the BCRs
BCR Scheme Framework: Requirements and workflow framework, including BCR commitments and control statements
Scoping: Establish the suitability of BCR implementation, scoping of the BCR commitments and identification of the likely lead DPA
Readiness: TRUSTe & Promontory provide a roadmap to BCR implementation, including any necessary pre-application remediation work
Adoption & Deployment: Organization undertakes the remediation and implementation requirements defined in the roadmap. Progress is tracked by TRUSTe and support is provided if issues arise during implementation work
Approval: TRUSTe & Promontory collate relevant documentation and produce a BCR Management Program application pack prior to application submission to the lead DPA and two secondary DPAs
Compliance: TRUSTe oversees the process for the organization to undertake its annual attestation of on-going compliance with BCR commitments, in addition to re-certifications in relation to new data handling activities
Redress: TRUSTe operates an independent complaints arbitration and dispute resolution service where complaints cannot be resolved by the organization, prior to involvement of DPA(s)
How Does the Process Work?
Process stages: BCR Scheme Framework, Scoping, Readiness, Adoption & Deployment, Approval, Compliance, Redress
Experienced Program Partners
TRUSTe is the leading global provider of data privacy management solutions, offering a broad suite of
technologies and certifications to help companies build trust and increase engagement across their online
channels, including websites, mobile apps, advertising, and cloud services. More than 5,000 companies, including
top international brands like Apple, eBay, LinkedIn and Microsoft, rely on TRUSTe to build trust and address
evolving and complex privacy challenges. The TRUSTe® Certified Privacy seal is widely recognised and trusted by millions of
consumers worldwide as a sign of responsible privacy practices. www.truste.com
Promontory is a global consulting firm for regulated companies. The firm specializes in solving
regulatory, risk, controls, compliance and governance issues. Since its founding in 2001 by former U.S.
Comptroller of the Currency Eugene A. Ludwig, Promontory’s reputation for excellence and frank,
proactive, and practical advice has fueled its growth. With 15 offices in North America, Europe, Asia, Australia, and the
Middle East, our professionals assist clients in more than 50 countries on six continents. Visit us at www.promontoryprivacy.com
Contact us: US: 888.878.7830 www.truste.com | EU: +44 (0) 203 626 0109 www.truste.co.uk