The Post-Brexit Binding Corporate Rules Generator streamlines the standard application procedure in the EU with the lead supervisory authority. In addition, the Post-Brexit BCRs Generator enables organizations with existing BCRs to automate the submission process with the Information Commissioners Office in light of the Data Protection, Privacy and Electronic Communications Regulations 2020 No. 1586. The user first selects the approval authority. The Post-Brexit BCRs Generator then collects the user’s information required for the approval process. Through the integration of knowledge management features, the application guides the user to the most effective informational inputs. Finally, individualized application documentation is generated ready for submission. The system easily enables users to incorporate suggestions and commentary by the supervisory authority during the (post-)approval phase.
As part of the EU-UK Trade & Co-operation Agreement, organizations with approved Binding Corporate Rules (BCRs) under the General Data Protection Regulation (GDPR), authorized by a supervisory authority other than the UK Information Commissioners Officer (ICO), are required to resubmit their BCRs by the end of the bridge period (31st June 2020). Similarly, the European Data Protection Board (EDPB) issued a statement last year, urging organizations with BCRs assigned to the ICO to apply to a new lead supervisory authority within the European Economic Area (EEA). The new lead supervisory authority will have to issue a new approval decision following an opinion from the European Data Protection Board (EDPB). The GDPR does not formalize special requirements companies can use to identify and apply to the lead supervisory authority. As outlined by the Data Protection Working Party in WP264 rev. 1, the application should however provide the proposed BCR lead with: all appropriate information that justifies the proposal, the nature and general structure of the processing activities in the EU with particular attention to the place where decisions are made, the location and nature of affiliates in the EU, the number of employees concerned, the means and purposes of the processing, the places from where the transfers to third countries do take place, and the third countries to which those data are transferred. With all this information required, the approval process usually takes a minimum of 12 months.
The Post-Brexit Binding Corporate Rules Generator provides for an automated solution to streamline the information submission procedure to the supervisory authority. With BRYTER, law firms and businesses can build a reliable checklist, including knowledge management features to guide the user through the ICO and EDPB post-Brexit guidance. By securely collecting the user input information and generating an automated BCRs application document, an efficient and time-saving process can be achieved. EU regulators are currently still debating the impact of Schrems II on BCRs, with guidance likely to come soon. The Post-Brexit Binding Corporate Rules Generator allows users to update any checklist elements and knowledge management features instantaneously. Through further integration with third-party providers like DocuSign, BRYTER can offer a centralized BCRs application management experience.
How it works
Determine Approval Authority
The Post-Brexit Binding Corporate Rules Generator can cater to both certification processes with the lead supervisory authority in the UK and EEA.
Collect User Information
Through a customizable and user-friendly questionnaire, all the relevant information regarding the application process before the individual data protection authority is recorded.
The information is automatically populated to a structured document that can, through our DocuSign integration, be easily and remotely signed by the parties.
Easily edit the customizable checklist and knowledge management features to reflect current data supervisory authority updates.