First Nordic led BCR gets authorised
On 13 October 2011 the Danish DPA concluded the co-operation procedure for the first BCR application for which it was appointed to act as lead authority. The applicant company was Novo Nordisk A/S and the BCR covers all personal information of Novo Nordisk's employees and third parties.
As the Danish DPA is not part of mutual recognition the authorisation process had to be dealt with under the co-operation procedure . Prompted by the fact that this was their first application as lead, the Danish DPA did, however, take the step of following the mutual recognition procedure to the extent that it appointed two experienced DPAs to review the BCR before it was circulated more widely.
This application demonstrates the willingness of DPAs to engage with BCR and also the way in which the DPAs are working co-operatively to streamline the authorisation process.
The Novo Nordisk application is also notable because the BCR has been authorised by the Swiss DPA under its own national procedure. The effect of this is that the Swiss DPA will approve a BCR provided that it meets the standards equivalent to those required by the Article 29 Working Party.