Changeflow GovPing Data Privacy & Cybersecurity Opinion 12/2026 on Spanish Controller BCRs of S...
Priority review Guidance Added Final

Opinion 12/2026 on Spanish Controller BCRs of Santander Group

Favicon for edpb.europa.eu EDPB Documents (GDPR)
Published
Detected
Email

Summary

The European Data Protection Board adopted Opinion 12/2026 regarding the draft decision of the Spanish Supervisory Authority on the Controller Binding Corporate Rules of the Santander Group. The opinion was issued under Article 64 GDPR consistency mechanism and addresses international transfers of data. The EDPB opinion is non-binding and will inform the Spanish SA's final decision on Santander's BCR application.

“Opinion 12/2026 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the Santander Group”

EDPB , verbatim from source
Published by EDPB on edpb.europa.eu . Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards .

About this source

GovPing monitors EDPB Documents (GDPR) for new data privacy & cybersecurity regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 24 changes logged to date.

View original document View source feed page

What changed

The EDPB issued Opinion 12/2026 reviewing the Spanish Supervisory Authority's draft decision on the Santander Group's Controller Binding Corporate Rules. BCRs are intra-group policies that enable multinationals to transfer personal data outside the EU/EEA under GDPR Chapter V safeguards. The opinion contributes to ensuring consistent application of GDPR standards across supervisory authorities.

For multinational groups like Santander operating under BCRs, the EDPB's consistency opinion signals alignment with EU data protection standards and may influence future BCR renewal or amendment processes. Companies with existing or pending BCR authorizations should monitor EDPB opinions as they reflect evolving regulatory expectations for cross-border data transfer mechanisms.

Archived snapshot

Apr 27, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Opinion 12/2026 166KB English Download Members:
- Spain
Topics:
- International Transfers of Data
- Binding Corporate Rules

Latest publications

27 April 2026 Publication Type:
- Opinion of the Board (Art. 64)

Opinion 12/2026 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the Santander Group

27 April 2026 Publication Type:
- Opinion of the Board (Art. 64)

Opinion 9/2026 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the Jacobs Douwe Egberts Group

27 April 2026 Publication Type:
- Opinion of the Board (Art. 64)

Opinion 10/2026 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the SLB Group

27 April 2026 Publication Type:
- Opinion of the Board (Art. 64)

Report on the use of SPE external experts in 2025

24 April 2026 Publication Type:
- Support Pool of Experts projects

Named provisions

Article 64 GDPR Opinion

Mentioned entities

European Data Protection Board

Parties

Santander Group

Related changes

Favicon for edpb.europa.eu Opinion 11/2026 on Belgian Draft Decision on Controller BCRs for Kuwait Petroleum Group
Priority review Apr 27, 2026 EDPB Documents (GDPR) Data Privacy & Cybersecurity
Favicon for edpb.europa.eu Opinion 9/2026 on Dutch Draft Decision for Jacobs Douwe Egberts Controller Binding Corporate Rules
Priority review Apr 27, 2026 EDPB Documents (GDPR) Data Privacy & Cybersecurity
Favicon for edpb.europa.eu Dutch BCRs Draft Decision for SLB Group
Routine Apr 27, 2026 EDPB Documents (GDPR) Data Privacy & Cybersecurity

Get daily alerts for EDPB Documents (GDPR)

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for edpb.europa.eu
EDPB Documents (GDPR) edpb.europa.eu/our-work-tools/our-documents_en
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from EDPB.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
EDPB
Published
April 27th, 2026
Instrument
Guidance
Branch
International
Joint with
AEPD
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Public companies
Industry sector
5221 Commercial Banking
Activity scope
International data transfers BCR authorization Cross-border data flows
Geographic scope
European Union EU

Taxonomy

Primary area
Data Privacy
Operational domain
Compliance
Compliance frameworks
GDPR
Topics
International Trade

Browse Categories

Agriculture & Food Safety 84 AI Regulation 1 Banking & Finance 507 Consumer Protection 142 Courts & Legal 630 Data Privacy & Cybersecurity 153 Defense & National Security 52 Education 63 Energy 135 Environment 170 Government & Legislation 529 Healthcare 1 Healthcare & Life Sciences 412 Immigration 11 Insurance 90 Labor & Employment 196 Pharma & Drug Safety 13 Professional Licensing 1 Real Estate & Housing 76 Securities & Markets 178 Tax 118 Telecom & Technology 57 Trade & Sanctions 167 Transportation 132

Get alerts for this source

We'll email you when EDPB Documents (GDPR) publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!