European Union: European Data Protection Board published document outlining the approval procedure for Binding Corporate Rules

On 13 March 2025, the European Data Protection Board (EDPB) published a document outlining the Approval Procedure for Binding Corporate Rules (BCRs). The document provides a cooperation framework for the approval of BCRs under Article 47 GDPR, which serves as a legal mechanism for cross-border data transfers within corporate groups. The document establishes the BCR Lead Supervisory Authority, responsible for reviewing applications, coordinating with other Supervisory Authorities (SAs), and submitting the final draft to the EDPB for a non-binding opinion under Article 64 GDPR. The process incorporates multiple review phases, including the BCR Lead review, co-review, cooperation, and EDPB Opinion phase. The document also introduces informal BCR sessions to address unresolved issues among authorities and clarifies the role of the EDPB Secretariat in facilitating discussions and approvals.