On 10 June 2013, the UK Information Commissioner’s Office authorized GlaxoSmithKline’s ‘Binding Corporate Rules‘ (BCRs) – a set of internal policies and procedures used to protect personal data across GSK’s operations globally.  Covington & Burling’s data privacy and security team, led by London partner Dan Cooper and senior associate Mark Young and including Brussels based policy analyst Kristof Van Quathem, was instrumental in the development, implementation and authorization of GSK’s BCRs.

GSK is one of the world’s leading research-based pharmaceutical and healthcare companies, with over 99,000 employees in over 100 countries.  With this authorization, it has become one of only 40 companies worldwide who have completed this rigorous process. 

BCRs are designed to allow multinational companies to transfer personal data from the European Economic Area (EEA) to their affiliates located outside of the EEA.  Applicants must demonstrate that their BCRs put in place adequate safeguards for protecting personal data throughout the organization.

BCRs have traditionally been adopted by companies acting as data controllers over personal data, although last year the Article 29 Working Party, a group comprised of the data protection authorities of all twenty-seven EU Member States, published a working document that provides guidance on the use of BCRs when making transfers of personal data to data processors (as discussed in this InsidePrivacy post).  The proposed Data Protection Regulation also formally recognizes BCRs for controllers and processors, and contains a consistency mechanism with which BCRs must comply.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kurt Wimmer Kurt Wimmer

Kurt Wimmer is a partner concentrating in privacy, data protection and technology law.  He advises national and multinational companies on privacy, data security and technology issues, particularly in connection with online and mobile media, targeted advertising, and monetization strategies.  Mr. Wimmer is rated…

Kurt Wimmer is a partner concentrating in privacy, data protection and technology law.  He advises national and multinational companies on privacy, data security and technology issues, particularly in connection with online and mobile media, targeted advertising, and monetization strategies.  Mr. Wimmer is rated in the first tier by Legal 500, designated as a national leader in Chambers USA, and is included in Best Lawyers in America in four categories.  He represents companies and associations on public policy matters before the FTC, FCC, Congress and state attorneys general, as well as in privacy assessments and policies, strategic content ventures, copyright protection and strategy, content liability advice, and international matters.