Which of the following best describes proper compliance for an international organization using Binding Corporate Rules (BCRs) as a controller or processor?
Which of the following best describes proper compliance for an international organization using Binding Corporate Rules (BCRs) as a controller or processor?
Binding Corporate Rules (BCRs) are internal rules adopted by multinational companies to ensure that their personal data transfers comply with applicable data protection laws. These rules are legally binding and apply to all members of the group, including employees, regardless of where the work is taking place. This ensures a consistent level of data protection across the organization.
Shouldn’t be B?
From a paper from PwC. The above principles need to be binding within the corporate group, as against employees and subcontractors. The documents likely to achieve this are: • A resolution of the parent company’s board to make the principles binding; • An employee notice requiring application of the principles; • Pro forma contract terms for use with subcontractors; and • Intra-group contract that confers third party rights.
Answer B: BCR are are legally binding and apply to and are enforced by every member concerned of the group of undertakings, or group of enterprises engaged in a joint economic activity, including their employees;
BCRs must ensure that all employees who process personal data follow the privacy regulations of the jurisdictions where the data originates from, regardless of where they are located or where the data is transferred to. https://www.lexology.com/library/detail.aspx?g=80239951-01b8-409f-9019-953f5233852e
Should be B