The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

SNR Denton Helps First Data Obtain Approval from European Regulators for its Binding Corporate Rules for Data Privacy

SNR Denton has successfully helped First Data Corporation, a global leader in electronic commerce and payment processing, obtain approval from European Data Protection regulators for its Binding Corporate Rules for data privacy (BCRs).

Today, the Information Commissioner’s Office granted authorisation of First Data’s BCRs, making it the eleventh company to obtain such authorization. First Data is one of only a handful of other companies worldwide who have completed this rigorous process to establish of the highest standards global data privacy practices. Its BCRs have been approved by the data protection authorities in 18 European Union member states.

The authorisation marks the culmination of a four-year project by First Data which was led on First Data’s side by John Atkins, First Data’s Chief Privacy Officer, and Tanya Madison Cunningham, Senior Counsel, Technology, Regulatory Compliance and Privacy.

SNR Denton’s team was led by Head of Technology Media and Telecoms sector, Scott Singer, assisted by associates Nicola Tutton and Tristan Jonckheer, all of whom work in SNR Denton’s dedicated UK Data Privacy Group, which has 4 partners and 12 lawyers in total, making it one of the largest in the UK.

Scott Singer commented: “Data Privacy is at the heart of First Data’s business, being a company which processes literally tens of billions of transactions every year. First Data’s determination to complete this process has come out of not just a desire to streamline its business, but more importantly, a wish to demonstrate its commitment to maintaining the highest standards of data privacy in everything it does.”

John Atkins, First Data’s Chief Privacy Officer, said: “First Data appreciates the superior guidance we received from SNR Denton during this process. Only a handful of companies have achieved BCR approval due to the rigorous nature of the process, and the advice and partnership provided by the SNR Denton team were invaluable.”

David Smith, Deputy Information Commissioner, said: “First Data should be commended for its commitment to the concept of binding corporate rules and for the respect for the privacy of individuals that this demonstrates. The ICO welcomes approaches from multi-national organisations that need to share personal information within their own group, but outside Europe and who want to use binding corporate rules to enable that.”

BCRs are a company-wide privacy policy to guarantee that a company’s practices are consistent with European data protection law. They are considered the platinum standard for compliance with the European Data Protection Directive. First Data’s BCRs will allow First Data to transfer personal data from the European Economic Area to its affiliates elsewhere in the world – something which is prohibited under the European Data Protection Directive unless adequate safeguards are in place. Following approval of the binding corporate rules by the European data protection regulators, First Data will now go through the formal process of approaching each of them for local authorization (the ICO’s having been the first such authorisation to be granted).

Related content

WEBINAR

Recorded Webinar: Data management for analytics and market surveillance

The financial services industry is starting to harness the potential of Big Data analytics to gain insights that can yield competitive advantage. At the same time, market surveillance has emerged as a major requirement for trading firms across the board as regulations like MiFID II and Market Abuse Regulation (MAR) push both buy- and sell-side...

BLOG

ComplyAdvantage Tops Up Series C Funding with Goldman Sachs Investment

ComplyAdvantage, a financial crime compliance specialist, has received new investment from Goldman Sachs Growth Equity. The investment will be used to build on the company’s rapid growth and cement its position as a critical part of the value chain for companies managing evolving risks around anti-money laundering (AML) and know your customer (KYC) processes, as...

EVENT

RegTech Summit London

Now in its 6th year, the RegTech Summit in London explores how the European financial services industry can leverage technology to drive innovation, cut costs and support regulatory change.

GUIDE

Entity Data Management Handbook – Seventh Edition

Sourcing entity data and ensuring efficient and effective entity data management is a challenge for many financial institutions as volumes of data rise, more regulations require entity data in reporting, and the fight again financial crime is escalated by bad actors using increasingly sophisticated techniques to attack processes and systems. That said, based on best...