A press release from the Information Commissioner today is a good reminder that there is another way of dealing with data transfers into and out of the European Economic Area but within multi-national organisations – using binding corporate rules (BCRs).
We note that the UK Information Commissioner’s Office (ICO) is getting a good track record of being the coordinating data protection authority of choice for organisations wishes to get their corporate rules authorised. However, BCRs are still not exactly popular. The ICO as so far only approved 4 BCRs:
15 December 2005: General Electric Company (employee data)
2 April 2007: Koninklijke Philips Electronics NV (employee data)
22 April 2009: Atmel Corporation (employee data)
30 April 2009: Accenture Limited (employee and client)
Maybe multi-national prefer dealing with a whole stack of export of data agreements?!