Is there something like a „group privilege“ regarding data processing in between the legal entities of a corporation, which of course would be very helpful? National laws in effect to date in Member States do generally not provide for a „group privilege“ for corporate groups. Neither does the GDPR, at least not explicitely. GDPR does, however, privilege internal administrative purposes and therefore does make data transfers easier in this context.
With the GDPR coming into effect corporate groups can make use of this opportunity. To do so, you will need to elaborate and document your group wide data streams. Then you will need to evaluate why those data streams occur and what they mean to the data subjects. This will enable corporations to assess where or not and what kind of legitimate interests they have have to justify those data streams.
Depending on your findings you will then have to identify and implement relevant communications, declarations and agreements required to implement GDPR-compliant data processing within the legal entities of a corporation.
Key Takeaways: