The Article 29 Working Party has recently released several new documents of interest to companies that collect and process data about EU residents and who move data from the EU to the United States. First, the Working Party released “Recommendations on the Standard Application for Approval of Data Controller or Processor Binding Corporate Rules for the Transfer of Personal Data.” Binding Corporate Rules (often referred to as BCRs) are one mechanism available to companies to support the legal transfer of data outside the European Economic Area. Article 45 of the GDPR requires that data transferred to a country which has not been deemed to provide an adequate level of data…
.@EU_Commission announced successful conclusion of adequacy talks with South Korea, confirming alignment of EU & SK #dataprotection laws. Finding covers commercial & public sector, enables data flows between the EU & SK. Adoption expected in coming months. https://ec.europa.eu/commission/presscorner/detail/en/statement_21_1506
Dutch DPA announced a €475,000 fine for Dutch-headquartered @bookingcom for failure to report #databreach within 72 hours of becoming aware of the 2019 incident. Breach resulted in unauthorized access to login credentials, criminal access to data of 4000 customers.
Bavaria #DPA declared company’s (controller’s) use of US email marketing service #Mailchimp in #Bavaria impermissible due to failure to comply with #SchremsII mitigation requirements with respect to transfer of e-mail addresses to Mailchimp in the US.