Binding Corporate Rules (BCRs) are an intracompany code of conduct that regulates the principles and rules that apply to the processing and transfer of personal data within a company group, including cross-border. BCRs were established through the standard practice of data protection authorities (DPAs) and the guidance of the Article 29 Working Party (WP29). The upcoming General Data Protection Regulation (GDPR) explicitly recognizes BCRs, both for controllers (BCR-C) and processors (BCR-P). It also extends the scope of application not only to a corporate group but also to a group of enterprises engaged in a joint economic activity, for instance joint ventures.
Please see full publication below for more information.