On Jan. 9, the European Commission's Directorate-General for Justice and Consumers published a notice to stakeholders on the intersection of Brexit and EU data protection rules. The guidance clarified, “Transfers based on approved standard data protection clauses or on binding corporate rules will not be subject to a further, specific authorisation from a supervisory authority.” One interpretation is that BCRs currently approved by the U.K. Information Commissioner’s Office will remain legit post-Brexit. However, the guidance does not address how the EU will handle BCRs still pending ICO approval. Can the ICO still be a lead supervisory authority on BCRs moving forward? In this exclusive for The Privacy Advisor, Olivia Manning, CIPP/US, CIPM, looks closely at this question.
If you want to comment on this post, you need to login.