GDPR - Compliant Data Processing Within (Multinational) Corporations

Is there something like a „group privilege“ regarding data processing in between the legal entities of a corporation, which of course would be very helpful? National laws in effect to date in Member States do generally not provide for a „group privilege“ for corporate groups. Neither does the GDPR, at least not explicitely. GDPR does, however, privilege internal administrative purposes and therefore does make data transfers easier in this context.

With the GDPR coming into effect corporate groups can make use of this opportunity. To do so, you will need to elaborate and document your group wide data streams. Then you will need to evaluate why those data streams occur and what they mean to the data subjects. This will enable corporations to assess where or not and what kind of legitimate interests they have have to justify those data streams.

Depending on your findings you will then have to identify and implement relevant communications, declarations and agreements required to implement GDPR-compliant data processing within the legal entities of a corporation.

Key Takeaways:

• Overview of data processing between the legal entities of a corporation under the GDPR regime
• Practical approaches to enabling GDPR-compliant legitimate interests in transmitting personal data within corporations
• Identification of communications, declarations and agreements that may be required to implement group wide data processing in this context

Presentation deck

GDPR - Compliant Data Processing Within (Multinational) Corporations

Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.