Binding Corporate Rules

The General Data Protection Regulation

Start adding items to your reading lists:
Save this item to:
This item has been saved to your reading list.

Under the General Data Protection Regulation (‘GDPR’), transfers of personal data outside of the EU are restricted to ensure that the level of protection afforded by the GDPR is not undermined. Personal data may only be transferred to a jurisdiction outside the EU (a ‘third country’) or international organisation in compliance with certain safeguards and conditions for transfers. Binding Corporate Rules (‘BCRs’) are one way that controllers and processors can comply with the GDPR’s third country data transfer requirements. They are explicitly recognised in the GDPR as a mechanism providing appropriate safeguards for third country data transfers (Article 46(2)(b) and 47, GDPR).

What are BCRs?

BCRs are legally binding and enforceable internal rules and policies for data transfers within multinational group companies and work in a way somewhat similar to an internal code of conduct. They allow multinational companies to transfer personal data internationally within the same corporate group to countries that do not provide an adequate level of protection for personal data as required under the GDPR.

BCRs ensure that all data transfers within a corporate group comply with the GDPR and must contain:

  • data protection principles, such as transparency, data quality, and  security;
  • tools of effectiveness (such as audit, training and complaint handling); and
  • an element proving that the BCRs are binding, both internally and externally.

There are two types of BCRs – Controller BCRs and Processor BCR’s – and this article focus on Controller BCRs.

Contact us

Richard Chudzynski

Legal Data Protection and Privacy Leader, PwC Middle East

Tel: +971 (0) 4 304 3729

Gordon Wade

Senior Data Protection and Privacy Lawyer, PwC Middle East

Tel: +971 (0) 4 515 7149

Alice Gravenor

Data Protection and Privacy Senior Associate, PwC Middle East

Tel: +971 502 134 884

Follow us