Privacy & Information Security Law Blog

On June 13, 2011, the Polish Data Protection Authority (Generalny Inspektor Ochrony Danych Osbowych or “GIODO”) hosted a conference in Warsaw on the use of binding corporate rules (“BCRs”) for international data transfers.  The conference was notable as the first on this topic in Poland, and was designed to introduce BCRs to a Polish audience and to promote their use.  The audience of approximately 70 people heard presentations by the Polish Inspector General for Data Protection, Wojciech Rafał Wiewiórowski, as well as representatives of the Belgian, French, Polish, Spanish and UK DPAs, and the international and Polish business communities.  View the conference program.

In his presentation, Wiewiórowski explained that, although he personally looks favorably on the use of BCRs, Poland has not been able to join the Article 29 Working Party’s mutual recognition procedure due to legal impediments under Polish law.  Several of the DPAs expressed interest in exploring the use of BCRs for data processors, but indicated that a number of obstacles must be overcome before such use could be approved.  Following the workshop, on June 15, 2011, a number of DPAs met in closed session in Warsaw to work on better coordination of the mutual recognition and approval procedure.