Multinational companies build up complex information structures to share data on an international level. However, sharing personal data on such a level brings with it questions of legality. In its working document for binding corporate rules (BCRs) for international data transfers, the article 29 working party has outlined principles that may be used to govern such transfers. Based on article 26(2) of the European Union (EU) Data Protection Directive, this forms the authority for the concept of BCRs.
BCRs are intra-corporate global rules that establish consistent and compliant requirements for the use of personal data within a multinational company, satisfying EU standards and making it possible for the local data protection authorities (DPAs) to authorise the data transfer. This concept standardises data protection procedures and thus gives a greater flexibility and efficiency in complying with the legal requirements and transferring personal data around the world.
