Allianz Group recently received approval of its Binding Corporate Rules from the EU-mandated Bavarian Data Protection Authority, BayLDA. Binding Corporate Rules or “BCRs” were developed by the European Union to allow multinational corporations to make intra-organizational transfers of personal data across borders in compliance with EU Data Protection Law.
In principle, EU data protection law does not allow the transfer of personal data from the EU to the US, Asia, and other regions. With the BCRs, companies can overcome that restriction, affording EU-level privacy protection to individuals globally, including those in countries with minimal to no safeguards for privacy rights and freedoms.
“Our business is built on trust. In an era where data privacy is an increasingly sensitive issue, it is critical that Allianz continue to be at the forefront of privacy protection,” says Helga Jung, Member of the Board of Allianz SE. “BCRs approval emphasizes how we are committed to maintaining the trust of our customers, employees, and business partners.”
Achieving BCRs status means Allianz is well prepared for the EU General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018. Attaining BCRs approval required Allianz to evidence it has a comprehensive and effective framework in place to safely and lawfully transfer personal data out of Europe.
This process was driven by the Allianz Privacy Renewal Program, a global regulatory change program that began in January 2016 and comprised more than 80 sub-projects spread over 700 companies across the Allianz Group. European data protection authorities scrutinized the internal governance setup and implementation of the BCRs, as well as how Allianz embeds requirements into organizational processes, including through training and audit programs.
“It has been a significant undertaking, but it’s worth it,” says Dr. Philipp Räther, Group Chief Privacy Officer at Allianz. “For Allianz, privacy is a core business capability and a corporate social responsibility.”