Guide to Binding Corporate Rules (old)
-
Due to the Data (Use and Access) Act coming into law on 19 June 2025, this guidance is under review and may be subject to change. The Plans for new and updated guidance page will tell you about which guidance will be updated and when this will happen.
The concept of using Binding Corporate Rules (BCRs) to provide adequate safeguards for making restricted transfers was developed under EU law and continues to be part of UK law under the UK GDPR, specifically, Article 47.
You can make a restricted transfer within an international organisation if both you and the receiver have signed up to approved BCRs. UK BCRs are approved by the Commissioner under Article 58.3(j).
BCRs are intended for use by multinational corporate groups, groups of undertakings or a group of enterprises engaged in a joint economic activity such as franchises, joint ventures or professional partnerships.
Latest updates
25 July 2022 - new guidance, application forms and tables for data controllers and processors released.