The CNIL published today a press release where it indicates that prior filings for transfers of data outside the EU will be facilitated for companies that have adopted Binding Corporate Rules (BCRs) for intragroup transfers of personal data:
Indeed, transfers of data outside the EU being subject to the prior authorization of the CNIL, the CNIL specifies that it will deliver to each group that has adopted BCRs, a “Single Authorization” relating to transfers of data outside the EU. Such “Single Authorization” will thus be a global authorization for transfers of data outside the EU and the entities of the group will no longer need to apply to the CNIL for each transfer of data from France outside the EU. To that end, companies that have adopted BCRs will be contacted by the CNIL's services within the next weeks in order to define the content of their respective “Single Authorizations”.
The CNIL’s initiative is a significant step forward for the simplification of international data transfers which aims at encouraging companies to adopt BCRs relating to the protection of personal data within companies.