Data protection: Art. 29 Working Party guidelines on BCRs EBF comments
EBF advisor: Helene Benoist
Article 29 Data Protection Working Party: EBF’s comments on the WP29 updated adequacy referential and working document on BCRs (wp254 & wp256) k
Publication date: 17 January 2018
The European Banking Federation (EBF) welcomes the Article 29 Data Protection Authority (hereafter ‘WP29’) paper on Binding Corporate Rules (BCRs) and the updated adequacy referential which provide further clarity on how international data transfers will be managed under the General Data Protection Regulation (GDPR).
Cross-border data transfers are today an important part of the modern global economy as data has become its lifeblood. Digital trade and cross-border data flows are expected to continue to grow faster than the overall rate of global trade.
Financial institutions often need to process personal data within the group of which they are members in order to achieve objectives, such as offering a broader variety of products to the clients, or, efficiently tackling fraud. In that respect, clarity and legal certainty are necessary.
Nevertheless, there will be greater difficulties going forward for three reasons:
The new provisions in the GDPR will make third country transfers more difficult. Under the GDPR, the possibility to make an internal adequacy decision within the firm is no longer possible.
However, the slowness of the BCRs adoption process is today an important obstacle. We note that BCRs currently require 18 months or more to be approved and demand will likely increase under the GDPR.
There is uncertainty over firms’ ability to rely even on the safeguards provided for under the GDPR. The EU-U.S. Privacy Shield and SCCs, for example, have an uncertain future, given the striking down of the Safe Harbour adequacy decision in 2015 and a more recent court challenge against SCCs and referral to the Court of Justice of the European Union (“Schrems II”).
We believe further assessment should be conducted on the barriers that prevent banks from processing or storing data inside and outside the EU (linked to data protection, confidentiality, bank secrecy requirements, etc.). Ultimately, there should also be a clear legal basis to share information among jurisdictions at group company level.
EU27 responds to UK requests in a positive spirit and:
👉 agrees to Art. 50 extension until 22 May if Withdrawal Agreement approved next week
👉 if not agreed next week then extension until 12 April
👉 approves ‘Strasbourg Agreement’
👉 continues no-deal preparations
“International Directors Banking Programme” is a new modular programme of three three-day modules at the INSEAD business school in Fontainebleau, France. The content is driven by the needs for bank directors and senior executives working in banks to review and update their corporate governance practices due to the many pressures they face, and will focus on the effectiveness of directors and boards. Successful completion by participants offers certification by INSEAD. Read more
Stay in touch with the EBF
The EBF produces a daily and a weekly newsletter with European banking news and updates from national banking associations across Europe. CLICK HERE TO SUBSCRIBE
European Banking Federation
The EBF is the voice of the European banking sector, bringing together national banking associations from 45 countries. The EBF is committed to a thriving European economy that is underpinned by a stable, secure and inclusive financial ecosystem, and to a flourishing society where financing is available to fund the dreams of citizens, businesses and innovators everywhere.
56 Avenue des Arts
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.