Alex van der Wolk spoke to Global Data Review about the UK’s new binding corporate rules (BCR), and the overlap between the UK and EU BCR requirements under their respective General Data Protection Regulation regimes. The UK’s data regulator, the Information Commissioner’s Office, recently published new guidance for data controllers and processors around the UK’s new BCRs, which includes a simplified BCR approval process and a principles-based approach to intra-group data flows.
“The new requirements indicate that the regulator is more agile and nimble. The major simplification is the fact that they are now putting forward the requirements as principles, which means that they're essentially saying: ‘Look, we want you companies to address the principles, but we're not going to tell you what language we want to see or simply even how,’ and that is something that is distinctly different from the trend that I’m seeing in the EU.”