The National Supervisory Authority for Personal Data Processing (ANSPDCP) approved the authorization template for the transfer abroad of personal data pursuant to the Binding Corporate Rules - BCR
ANSPDCP’s Decision no. 41 of March 18, 2014, on the establishment of an authorization template for the transfer of personal data abroad pursuant to the Binding Corporate Rules - BCR, was published in the Official Gazette of Romania no. 218 of March 27, 2014.
By adopting the authorization template, ANSPDCP acknowledges BCR as an alternative to the concluding of the standard contractual clauses, as approved by the European Commission by the Decision of February 5, 2010. Therefore, in cases of transfer of data to states which do not offer a level of protection at least equal to that offered by the Romanian law, ANSPDCP may authorize such transfers pursuant to BCR, these being acknowledged as an instrument which offers sufficient guarantees in relation to the protection of the fundamental rights of persons.
However, the authorization does not exempt data controllers from the fulfillment of other obligations resting upon them according to Law no. 677/2001 on the protection of persons in relation to personal data processing and free movement of such data, including the obligation to undergo the inspection conducted by the ANSPDCP, which may order any actions, if it ascertains the breach of the obligations undertaken by the data controllers.
The decision became effective on March 27, 2014.
A new guide concerning personal data protection
The Council of Europe and the European Union Agency for Fundamental Rights have launched a practical guide concerning the European personal data protection laws.
This is the first guide of the Council of Europe regarding EU personal data protection laws, its content referring to the case law of the European Court of Human Rights and of the Court of Justice of the European Union.
The guide is addressed to all persons interested in the area of personal data protection and contains clarifications concerning: (i) the terminology in the area of personal data protection; (ii) the principles and rules provided for by the European laws regarding personal data processing; (iii) the transfers of data; (iv) the protection of personal data in the light of the activities specific for the criminal law, etc. The guide may be accessed on the website of the European Union Agency for Fundamental Rights.