The International Chamber of Commerce has produced a standardised application form that can be used to seek permission from all 25 EU countries to send personal information from within the EU to outside it.
Stringent controls on the transfer of personal data are in place in the EU and a company must apply to all 25 member states to formalise rules controlling the movement of that data.
Previously that involved a separate application for each country, but the ICC has produced a form which it hopes will become a standard across all member states. It awaits approval by EU data protection authority the EC Article 29 Data Protection Working Party.
The form relates to Binding Corporate Rules (BCRs), agreements which companies can enter into to control the passing of personal information from within Europe to out with it.
The seven-section form was based on a series of rules produced by the EC Working Party and is intended to replace a series of national forms.
"With input from member companies working with BCRs and feedback from various European authorities, we created this standard application form for BCRs," said Christopher Kuner, Chair of the ICC Task Force on Privacy and Protection of Personal Data. "The same form can be used for approval in all EU member states – that is the main advantage."
The application form is divided into eight sections. These are: contact details for the company; contact details for queries; determination of the lead Data Protection Authority; explanation of how the BCRs will be made binding; verification of compliance; description of processing and data flows; data protection safeguards, and mechanisms for reporting and recording changes.
The Working Party which must now decide on the suitability of the form was set up under Article 29 of the Data Protection Directive to be an independent advisor on privacy and data protection in Europe.
The UK's Information Commissioner has already published a list of requirements for the approval of BCRs.
