GE's Binding Corporate Rules: Achievements, Challenges and Solutions
Nuala O'Connor Kelly, Chief Privacy Leader, General Electric Company

Presentation transcript:

1 GE's Binding Corporate Rules: Achievements, Challenges and Solutions
Nuala O'Connor Kelly, Chief Privacy Leader, General Electric Company

2 2 / Ulrika Dellrud Six Businesses, Each with a Number of Business Units Aligned for Growth: Commercial Finance, Healthcare, Infrastructure, NBC Universal, GE Money, Industrial

3 Meeting Global Challenges Knowledge Flows Technology Innovation Global Integration Conflict & Security Institutional Governance Resource Management Population / Demography Mobilizing capital and resources... Renewables Nuclear Water/Desal Clean Coal H Turbine Engine Evolution Locomotive Global Research Centers NBCU Container Security Explosive Detection Transparency in Governance (Corp/Govt) Compliance Rigor Corporate Citizenship Bringing solutions through our customers... Leading with governments to find solutions... Personalized Healthcare Philanthropy Services in WTO/FTAs Energy Healthcare Financial Services

4 A global company with operations in over 100 countries and 300,000+ employees
95,000+ employees in EMEA

5 The GE difference...
Leadership commitment to integrity
A culture of compliance supported by world-class systems:
- Policies
- Education & Training
- Communications
- Auditing & Control

6 GE Policies are the Foundation of GE's Integrity
14 policies, including on privacy, outline GE's core legal and ethical responsibilities
GE and controlled affiliates are also bound:
- Subsidiaries and other controlled affiliates throughout the world must adopt and follow corresponding policies.
- A controlled affiliate is a subsidiary or other entity in which GE owns, directly or indirectly, more than 50% of the voting rights, or in which the power to control the entity is possessed by or on behalf of GE.
GE's global workforce commits to comply:
- New employees receive a copy of The Spirit and Letter handbook and acknowledge that they are required to comply with its policies
- Employees re-acknowledge commitment to S&L every 18 months
- Failure to comply can lead to termination of employment

7 BCRs Incorporated into GE Policy in 2003
Fair Employment Practices Policy (GE Spirit & Letter): Requires respect for the privacy rights of employees by using, maintaining and transferring their personal data in accordance with applicable Company guidelines and procedures.
GE Employment Data Protection Standards (Binding Corporate Rules): Protects Employment Data, defined as any information about an identified or identifiable person that is obtained in the context of the person's working relationship with a GE entity.

8 Today, GE's BCRs Continue to Provide Strong, Global Data Protection
Key Principles: Adduces adequate safeguards globally - a high, EU-like standard globally - plus stricter local laws prevail
Key protections
- Transparency and fairness
- Purpose limitation
- Data quality
- Security
- Rights of access, rectification, objection
- Protections for onward transfer
Enforcement
- Internal controls and audits
- Reporting channels for suspected violations
- Cooperation with Data Protection Authorities (DPA)
- Data subject right to seek remedy in home country
- Communication and training

9 Binding Corporate Rules: An Effective Compliance Approach for GE
BCRs:
+ Consistent with GE's compliance structure and practices
+ Binding on GE entities and employees
+ Harmonized global guidelines ensure a consistent, strong protection
+ Policies are alive and visible to our employees
+ Language is user-friendly and has been translated into many local languages for data handlers and employees around the world
+ Company assumes responsibility for providing adequate safeguards for data
+ Strong support for a privacy compliant culture from GE senior management
Contracts:
– Complex administration with thousands of entities
– Complex language; not visible to data handlers or employees
Safe Harbor:
– Covers only EU to U.S. transfers
– Does not cover GE's financial services businesses

10 BCR Approval Process

11 BCR Approval Process: Prior to Coordinated Process
GE sought recognition of its Standards as a BCR in each country; adopted by German DPAs in July 2003
Lessons Learned:
Challenges for companies:
- Gaining individual approval by 28 EU/EEA countries was time-consuming
- Minor modifications suggested by individual DPAs triggered significant work: re-training of data handlers; revision of operating procedures; renegotiation with prior-approving DPAs
Challenges for DPAs:
- Hard for DPAs to review BCRs and supporting documentation from many different companies

12 BCR Approval Process: Coordinated Process
GE worked with UKIC as lead authority for coordinated approval of BCR (mid-2004 through present). As one of the first companies to undertake the BCR approval process, GE worked side-by-side with DPAs in a number of countries to facilitate approval.
Lessons Learned:
- Significant effort required by Lead Authority (and UKIC was excellent!)
- Working collaboratively and transparently with DPA staff and commissioners was effective; in-person meetings essential – but the process took substantial time for GE, the UKIC and all DPAs
- GE resources (HR, Legal, Privacy, Compliance, Audit teams) heavily involved in demonstrating strong controls
Process can work! GE has approvals in 13 countries; pending in 13 more

13 Managing Practical Implementation Regionally & Globally

14 Policy Compliance Review Board (PCRB) GE General Counsel Chief Privacy Leader Policy development Practice facilitator Corporate Employment Data Privacy Committee Global Privacy Council Corp Audit & Compliance Team Businesses Chief Privacy Leaders Data Protection Review Boards Senior HR/IT Leaders Poles US Privacy Leaders European Privacy Leaders Asian Privacy Leaders GE Privacy Structure

15 A strong structure ensures daily compliance Board of Directors Audit Committee Regular updates Legal Organization lawyers in Europe & globally Dedicated compliance leader in each business Independent Auditors Report to BOD Audit Committee auditors in Europe & globally Global Ombudsperson Network Intake and resolve concerns Monitor trends/cases Policy Compliance Review Board (PCRB) Senior GE officers Policy oversight Business reviews GE's Policy Governance Structure

16 GE's policies are visible and user friendly
- Languages
- Hotlinks
- 13 Policies in simple, reader-friendly language
- Report Concerns & Access Resources

17 Training and Communication: Data handlers are trained on their obligations
For Data Handlers - authorized individuals who process employment data:
- Human Resources
- Information Technology
- Managers
- Legal
- Sourcing
Messages via:
- On-line courses
- Live training
- Web articles

18 Substantial guidance is provided to data handlers
- Business self-audit checklists
- Data protection FAQs
- Country toolkits
- Country experts
- Links to external sites
- Privacy reviews before new systems are implemented

19 BCRs Benefit Companies and DPAs!
Benefits for companies:
- Unified, global standard
- In-house policy driven by/tailored to a company's unique culture or business/compliance processes
- More ability to communicate rules, values to employees (better than contracts or safe harbor)
Benefits for DPAs:
- Simplified approval process for BCR
- Fewer unique data processing approvals, if activity covered by BCR
- Better awareness of data protection rights on part of individual
- Increased and clarified role for DPAs in enforcing/approving BCRs of global companies
