Tuesday 29 November 2011

EU Seeks to Simplify Cross-border Data Protection Compliance

At a conference in Paris organized by the International Association of Privacy Professionals, Viviane Reding suggested that companies can set their own privacy rules, as long as they do not contradict one national data protection authority.
See full text here

1 comment:

  1. I found this proposal rather confusing!!

    How I understand it: it assumes, for example, Company "A" is a UK company and has branches in France, Germany, Bulgaria, etc. (does this make them legally binding?) ... if yes, so all these company branches should follow the regulation in the UK? You can see from the third text that this does not look like a realistic solution!

    "as long as they agree with one national data protection authority (DPA) to make them legally binding on all business units within the same group, wherever they may be."
    :
    :
    "Adopted voluntarily by businesses, they will become legally binding wherever the company operates once approved by a data protection authority in just one of the 27 E.U. countries."
    :
    :
    "BCRs today need approval from a DPA in each E.U. country where a group is active, so one set of rules must satisfy multiple authorities with different, perhaps contradictory, practices or legislation. "That wastes time and money," said Reding."
