Out-Law.com reports that
Hyatt Hotels has become just the fifth company operating in the UK to use a complex process that allows it to send personal data around the world without breaking EU rules. It has signed up to use Binding Corporate Rules (BCRs).
They explain the background:
The European Union’s Data Protection Directive prevents companies sending personal data outside of the EU except when the destination country has been pre-approved as having adequate data protection. Only a handful of countries – Argentina, Canada, Switzerland, Guernsey, the Isle of Man and Jersey – have qualified as having adequate protection.
When companies want to send personal data to other non-EU countries, that data transfer must be governed by adequate protection, even when the transfer is from one part of a company to another part of the same firm.
One way in which that is possible is by using BCRs. This involves a company submitting its data protection processes to a data protection watchdog and having them approved for use.
Read more on Out-Law.com.