Atmel (advised by Herbert Smith) and Accenture received authorisation from the UK Information Commissioner's Office ("ICO") to transfer personal information from the UK to the other entities within their own corporate groups who operate outside the European Economic Area ("EEA") on the basis of their binding corporate rules.
Binding Corporate Rules are a global internal data handling policy which offer a solution to major corporations who wish to transfer personal information freely between group companies.
Obtaining formal approval for these rules means that transfers of personal information by Atmel and Accenture from the UK out of the EEA, comply with the eighth data protection principle of the Data Protection Act 1998. The eighth data protection principle provides that personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
It is anticipated that the European counterparts to the ICO will in due course issue equivalent authorisations for transfers within their jurisdictions; a process that is simplified under the BCR procedure as an application only has to be made to one "lead" supervisory authority in Europe and that authority then liaises with all others to obtain approval of the contents of the BCRs.