In the next part of our discussion, data privacy attorney Sheila FitzPatrick get into the weeds and talks to us about her work in setting up Binding Corporate Rules (BCR) for multinational companies. These are actually the toughest rules of the road for data privacy and security.
In the next part of our discussion, data privacy attorney Sheila FitzPatrick get into the weeds and talks to us about her work in setting up Binding Corporate Rules (BCR) for multinational companies. These are actually the toughest rules of the road for data privacy and security.
What are BCRs?
They allow companies to internally transfer EU personal data to any of their locations in the world. The BCR agreement has to get approval from a lead national data protection authority (DPA) in the EU. FitzPatrick calls them a gold standard in compliance—they’re tough, comprehensive rules with a clear complaint process for data subjects.
Another wonky area of EU compliance law she has worked on is agreements for external transfer data between companies and third-party data processors. Note: it gets even trickier when dealing with cloud providers.
This is a fascinating discussion from a working data privacy lawyer.
And it’s great background for IT managers who need to keep up with the lawyerly jargon while working with privacy and legal officers in their company!