Data Transfers Within a Multinational Group - Safely Navigating EU Data Protection Rules
Dechert White Paper
May 2013

Multinational corporations increasingly have a need to share their data throughout their group. Often this will be necessary to service international clients or to coordinate marketing efforts. Sometimes international data sharing will be necessary simply to implement a cost-effective centralised IT function. However, to do so often results in the group having to navigate the data protection or privacy laws of those countries in which they operate. A prominent example of an issue that arises is the European data protection restriction on transferring personal data outside of Europe (specifically, outside the European Economic Area (EEA)).

This briefing introduces this issue and presents a summary of the solutions available to allow a transfer of data between group entities when some of the data crosses out of Europe. In particular, the following solutions are introduced:

  • Ensuring that the recipient company is in a country automatically deemed adequate;
  • Ensuring a US recipient is in the US “safe harbor” scheme;
  • Putting in place certain types of data transfer contracts;
  • Putting in place “binding corporate rules”; and
  • (In the UK) undertaking a “self-assessment” as to the protection of the data throughout the group.

To keep reading, download the white paper.