Binding Corporate Rules

Binding Corporate Rules (BCR)
Readiness Assessment

Extend your global privacy strategy through Binding Corporate Rules.

Binding Corporate Rules (BCRs) are designed to allow multinational companies to transfer personal data from the European Economic Area (EEA) to their affiliates located outside of the EEA in compliance with Directive 95/46/EC. Currently, the most popular alternative to BCRs is the use of the model contractual clauses approved by the European Commission. However, in multinational companies with complex structures, there are drawbacks where hundreds of contracts may be required to cover transfers between all affiliates, and keeping those contracts up to date can be difficult and time consuming.

TrustArc BCR Readiness Assessment

Binding Corporate Rules are one of the options available for companies to meet international data transfer requirements but companies don’t necessarily want to commit to BCRs without a clear idea of the process and costs involved. The BCR Readiness Assessment helps companies to quickly review whether BCRs are right for them and the necessary steps to achieve compliance with the requirements. The framework will help companies build their BCR application in a streamlined and consistent manner and assess cost implications in advance. This assessment leverages our privacy platform and Assessment Manager technology alongside experience in addressing corporate compliance around international data transfers through preparing companies to self-certify with Privacy Shield and as the Accountability Agent for the APEC Cross-Border Privacy Rules Framework.

Privacy Expertise - TrustArc
Proven Methodology - TrustArc
Powerful Technology - TrustArc

Deep Privacy Expertise + Proven Methodology + Powerful Technology

TrustArc solutions are powered by a unique combination of deep privacy expertise developed over two decades, proven methodologies refined through tens of thousands of engagements, and powerful technology operating at scale for six years.

Our Proven, 3-Phase Process

Our privacy consultants can conduct a BCR Readiness Assessment to quickly give you the information you need to assess where you stand and what next steps you need to take to prepare for BCR submission.


Phase One

Discovery
& Assessment

We first conduct discovery of your company’s existing policies, practices, and documentation relevant to a BCR application. We also conduct interviews to identify relevant personal data flows. In addition to information gathered during discovery, we leverage information from your existing TRUSTe Enterprise, Privacy Shield, and APEC Assessments and Certifications. We then assess your company against our BCR Readiness Assessment requirements, based on a combination of sources including the Article 29 Working Party papers (WP 74, WP 108, WP 133) and the Referential BCR CBPR Requirements (“Referential”).

Phase Two

Findings Report

Our privacy experts deliver a Findings Report that includes a summary of requirements that are met along with gaps and recommended action items, broken down by priority and level of effort. This can help you determine whether to continue with preparation for the BCR submission. Should you decide to move forward with preparation, the Findings Report serves as a project plan of clearly defined steps. This can help you effectively direct internal resources as well as outside counsel or consultants on any necessary work, so you can stay in control of the scope and budget.

Phase Three

Guidance

TrustArc privacy experts advise on how best to package existing documentation to streamline the BCR application process.

Extend your global privacy strategy through Binding Corporate Rules.


Resources