TRUSTe and Promontory today launched a joint BCR Management Program designed to make it quicker, simpler and cheaper for businesses to prepare for compliance with the Binding Corporate Rules (BCRs) regime, apply for authorisation from their Data Protection Authority to use BCRs for international data transfers within their organisation, and self-certify their ongoing BCRs compliance through the Program.
BCRs are designed to allow multinational companies to transfer personal data from the European Economic Area (EEA) to their affiliates located outside of the EEA in compliance with Data Protection Directive 95/46/EC. The most utilised current alternative to BCRs is the use of the model contractual clauses approved by the European Commission. However, in multinational companies with complex structures, there are drawbacks where hundreds of contracts may be required to cover transfers between all affiliates, and keeping those contracts up to date can be difficult and time consuming.
The new TRUSTe-Promontory BCR Management Program will be delivered and managed by TRUSTe, the leading global provider of data privacy management solutions, based on a framework developed by Promontory, a global regulatory compliance consulting firm. The framework will help companies build their BCR application in a streamlined and consistent manner. Once the application is approved by the relevant Data Protection Authorities, the company will remain a member of the TRUSTe-Promontory BCR Management Program to evidence and certify their ongoing compliance with BCR standards. This new program is designed to offer organisations the combination of TRUSTe's credibility and experience in developing privacy certification programs and Promontory's experience of European data protection regulation and addressing corporate compliance around international data transfers.
"As the challenges of ensuring both regulatory compliance and good privacy practices increase, BCRs are an ideal way for organisations to demonstrate compliance with European data privacy standards when transferring and using customer and employee personal information overseas. This new program we are launching with Promontory today should encourage more organisations to take advantage of the benefits of BCRs and demonstrate that they have good privacy practices at their heart of their business." said Danilo Labovic, EMEA Managing Director for TRUSTe.
Simon McDougall, Managing Director and Head of Promontory's Privacy Practice said: "I am delighted to be working with TRUSTe, who are global leaders in privacy self-regulation. In an ideal world, all international firms would use Binding Corporate Rules when moving personal data around their corporate group. However, many organisations currently see the application process as complicated and expensive. The TRUSTe-Promontory BCR Management Program will help make demonstrating BCR readiness cheaper, simpler and quicker. Members of the program will able to demonstrate their commitment to good privacy governance, as well as make their international data transfers easier."
TRUSTe (truste.co.uk) is the leading global provider of online data privacy management solutions, offering a broad suite of technologies and certifications to help companies build trust and increase engagement across their online channels, including websites, mobile apps, advertising, and cloud services. More than 5,000 companies, including top international brands like Apple, eBay, LinkedIn and Microsoft, rely on TRUSTe to build trust and address evolving and complex privacy challenges. TRUSTe® Certified Privacy Seal is widely recognised and trusted by millions of consumers worldwide as a sign of responsible privacy practices.
Promontory Financial Group, headquartered in Washington, D.C., is a global consulting firm for regulated companies. The firm specializes in solving regulatory, risk, controls, compliance, governance, capital, and liquidity issues. Promontory has offices in London, Atlanta, Brussels, Denver, Dubai, Hong Kong, Milan, New York, Paris, San Francisco, Singapore, Sydney, Tokyo, and Toronto. Eugene A. Ludwig, who served as U.S. Comptroller of the Currency under President Clinton, founded Promontory in 2001.
Binding Corporate Rules (BCRs) are designed to allow multinational companies to transfer personal data from the European Economic Area (EEA) to their affiliates located outside of the EEA in compliance with Directive 95/46/EC.
Applicants must demonstrate that their BCRs put in place adequate safeguards for protecting personal data throughout the organisation in line with the requirements of the Article 29 Working Party papers on Binding Corporate Rules.
Applicants apply to a Data Protection Authority (DPA) (decided by criteria related to their location and business) who acts as their ‘lead authority’. If the lead authority is satisfied, it then circulates the draft BCRs to other European DPAs, where those countries are in scope of the application.
For Promontory EU Media Enquiries please contact Alex Brown at Weber Shandwick Worldwide on +44(0)20 7067 0732 or abrown[.]webershandwick.com.