Presentation is loading. Please wait.

Presentation is loading. Please wait.

GE’s Binding Corporate Rules: Achievements, Challenges and Solutions

Similar presentations

Presentation on theme: "GE’s Binding Corporate Rules: Achievements, Challenges and Solutions"— Presentation transcript:

1 GE’s Binding Corporate Rules: Achievements, Challenges and Solutions
Nuala O’Connor Kelly Chief Privacy Leader General Electric Company

2 Six Businesses, Each with a Number of Business Units Aligned for Growth
Infrastructure Commercial Finance Industrial Note: This is one slide that can be used instead of the individual slides for each business. GE’s six businesses are organized to serve customers, be they industries, markets, even countries. Commercial Finance Insurance • Leasing • Real Estate • Corporate Financial Services • Healthcare Financial Services Infrastructure Oil & Gas • Energy • Rail • Aircraft Engines • Water • Energy Financial Services • Aviation Financial Services Industrial Consumer & Industrial • Equipment Services • Plastics • Silicones/Quartz • Security • Sensing • Fanuc • Inspection Technologies Healthcare Diagnostic Imaging • Clinical Systems • Information Technology • Services • Bio Sciences Consumer Finance Europe • Asia • Americas • Australia/New Zealand NBC Universal Network • Stations • Entertainment • Universal • Sports/Olympics Healthcare NBC Universal GE Money

3 Meeting Global Challenges
Population / Demography Resource Management Technology Innovation Knowledge Flows Global Integration Conflict & Security Institutional Governance Personalized Healthcare Philanthropy Renewables Nuclear Water/Desal Clean Coal H Turbine Engine Evolution Locomotive Global Research Centers NBCU Services in WTO/FTAs Energy Healthcare Financial Services Container Security Explosive Detection Transparency in Governance (Corp/Govt) Compliance Rigor Corporate Citizenship Mobilizing capital and resources. . . Bringing solutions through our customers. . . Leading with governments to find solutions. . .

4 A global company with operations in over 100 countries and 300,000+ employees
95,000+ employees in EMEA

5 The GE difference . . . Leadership commitment to integrity
A culture of compliance supported by world-class systems: Policies Education & Training Communications Auditing & Control

6 GE Policies are the Foundation of GE’s Integrity
14 policies, including on privacy, outline GE’s core legal and ethical responsibilities GE’s global workforce commits to comply: New employees receive a copy of The Spirit and Letter handbook and acknowledge that they are required to comply with its policies Employees re-acknowledge commitment to S&L every 18 months Failure to comply can lead to termination of employment GE and controlled affiliates are also bound: “Subsidiaries and other controlled affiliates throughout the world must adopt and follow corresponding policies. A controlled affiliate is a subsidiary or other entity in which GE owns, directly or indirectly, more than 50% of the voting rights, or in which the power to control the entity is possessed by or on behalf of GE.”

7 BCRs Incorporated into GE Policy in 2003
Fair Employment Practices Policy (GE Spirit & Letter) Requires respect for “the privacy rights of employees by using, maintaining and transferring their personal data in accordance with applicable Company guidelines and procedures.” GE Employment Data Protection Standards (Binding Corporate Rules) Protects “Employment Data,” defined as “any information about an identified or identifiable person that is obtained in the context of the person’s working relationship with a GE entity.”

8 Today, GE’s BCRs Continue to Provide Strong, Global Data Protection
Key Principles: Adduces adequate safeguards globally - a high, EU-like standard globally - plus stricter local laws prevail Key protections Transparency and fairness Purpose limitation Data quality Security Rights of access, rectification, objection Protections for onward transfer Enforcement Internal controls and audits Reporting channels for suspected violations Cooperation with Data Protection Authorities (DPA) Data subject right to seek remedy in home country Communication and training

9 Binding Corporate Rules: An Effective Compliance Approach for GE
BCRs Consistent with GE’s compliance structure and practices Binding on GE entities and employees Harmonized global guidelines ensure a consistent, strong protection Policies are alive and visible to our employees Language is user-friendly and has been translated into many local languages for data handlers and employees around the world Company assumes responsibility for providing adequate safeguards for data Strong support for a privacy compliant culture from GE senior management Contracts: Complex administration with thousands of entities Complex language; not visible to data handlers or employees Safe Harbor: Covers only EU to U.S. transfers Does not cover GE’s financial services businesses

10 BCR Approval Process

11 BCR Approval Process: Prior to Coordinated Process
GE sought recognition of its Standards as a BCR in each country; adopted by German DPAs in July 2003 Lessons Learned: Challenges for companies: Gaining individual approval by 28 EU/EEA countries was time- consuming Minor modifications suggested by individual DPAs triggered significant work: re-training of data handlers; revision of operating procedures; renegotiation with prior-approving DPAs Challenges for DPAs: Hard for DPAs to review BCRs and supporting documentation from many different companies

12 BCR Approval Process: Coordinated Process
GE worked with UKIC as “lead authority” for coordinated approval of BCR (mid-2004 through present). As one of the first companies to undertake the BCR approval process, GE worked side-by-side with DPAs in a number of countries to facilitate approval. Lessons Learned: Significant effort required by Lead Authority (and UKIC was excellent!) Working collaboratively and transparently with DPA staff and commissioners was effective; in-person meetings essential – but the process took substantial time for GE, the UKIC and all DPAs GE resources (HR, Legal, Privacy, Compliance, Audit teams) heavily involved in demonstrating strong controls Process can work! GE has approvals in 13 countries; pending in 13 more

13 Managing Practical Implementation Regionally & Globally

14 Policy Compliance Review Board (PCRB)
GE Privacy Structure Policy Compliance Review Board (PCRB) GE General Counsel Chief Privacy Leader Policy development Practice facilitator Poles US Privacy Leaders European Privacy Leaders Asian Privacy Leaders Corporate Employment Data Privacy Committee Global Privacy Council Corp Audit & Compliance Team Businesses Chief Privacy Leaders Data Protection Review Boards Senior HR/IT Leaders

15 A strong structure ensures daily compliance
GE’s Policy Governance Structure Board of Directors Audit Committee Regular updates Policy Compliance Review Board (PCRB) Senior GE officers Policy oversight Business reviews Legal Organization lawyers in Europe & globally Dedicated compliance leader in each business Independent Auditors Report to BOD Audit Committee auditors in Europe & globally Global Ombudsperson Network Intake and resolve concerns Monitor trends/cases

16 GE’s policies are visible and user friendly
26 Languages Hotlinks 13 Policies in simple, reader-friendly language Report Concerns & Access Resources

17 Data handlers are trained on their obligations
Training and Communication: For Data Handlers- authorized individuals who process employment data Human Resources Information Technology Managers Legal Sourcing Messages via: On-line courses Live training Web articles

18 Substantial guidance is provided to data handlers
Business self-audit checklists Data protection FAQs Country toolkits Country experts Links to external sites Privacy reviews before new systems are implemented

19 BCRs Benefit Companies and DPAs!
Benefits for companies: Unified, global standard In-house policy driven by/tailored to a company’s unique culture or business/compliance processes More ability to communicate rules, values to employees (better than contracts or safe harbor) Benefits for DPAs: Simplified approval process for BCR Fewer unique data processing approvals, if activity covered by BCR Better awareness of data protection rights on part of individual Increased and clarified role for DPAs in enforcing/approving BCRs of global companies Some DPAs and the Commission are more pragmatic than others; some DPAs require contracts on top of the BCRs.

Download ppt "GE’s Binding Corporate Rules: Achievements, Challenges and Solutions"

Similar presentations

Ads by Google