SNR Denton has successfully helped First Data Corporation, a global leader in electronic commerce and payment processing, obtain approval from European Data Protection regulators for its Binding Corporate Rules for data privacy (BCRs).
Today, the Information Commissioner’s Office granted authorisation of First Data’s BCRs, making it the eleventh company to obtain such authorization. First Data is one of only a handful of other companies worldwide who have completed this rigorous process to establish of the highest standards global data privacy practices. Its BCRs have been approved by the data protection authorities in 18 European Union member states.
The authorisation marks the culmination of a four-year project by First Data which was led on First Data’s side by John Atkins, First Data’s Chief Privacy Officer, and Tanya Madison Cunningham, Senior Counsel, Technology, Regulatory Compliance and Privacy.
SNR Denton’s team was led by Head of Technology Media and Telecoms sector, Scott Singer, assisted by associates Nicola Tutton and Tristan Jonckheer, all of whom work in SNR Denton’s dedicated UK Data Privacy Group, which has 4 partners and 12 lawyers in total, making it one of the largest in the UK.
Scott Singer commented: “Data Privacy is at the heart of First Data’s business, being a company which processes literally tens of billions of transactions every year. First Data’s determination to complete this process has come out of not just a desire to streamline its business, but more importantly, a wish to demonstrate its commitment to maintaining the highest standards of data privacy in everything it does.”
John Atkins, First Data’s Chief Privacy Officer, said: “First Data appreciates the superior guidance we received from SNR Denton during this process. Only a handful of companies have achieved BCR approval due to the rigorous nature of the process, and the advice and partnership provided by the SNR Denton team were invaluable.”
David Smith, Deputy Information Commissioner, said: “First Data should be commended for its commitment to the concept of binding corporate rules and for the respect for the privacy of individuals that this demonstrates. The ICO welcomes approaches from multi-national organisations that need to share personal information within their own group, but outside Europe and who want to use binding corporate rules to enable that.”
BCRs are a company-wide privacy policy to guarantee that a company’s practices are consistent with European data protection law. They are considered the platinum standard for compliance with the European Data Protection Directive. First Data’s BCRs will allow First Data to transfer personal data from the European Economic Area to its affiliates elsewhere in the world – something which is prohibited under the European Data Protection Directive unless adequate safeguards are in place. Following approval of the binding corporate rules by the European data protection regulators, First Data will now go through the formal process of approaching each of them for local authorization (the ICO’s having been the first such authorisation to be granted).
