The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

The concept of using Binding Corporate Rules (BCRs) to provide adequate safeguards for making restricted transfers was developed under EU law and continues to be part of UK law under the UK GDPR, specifically, Article 47.

You can make a restricted transfer within an international organisation if both you and the receiver have signed up to approved BCRs. UK BCRs are approved by the Commissioner under Article 58.3(j).

BCRs are intended for use by multinational corporate groups, groups of undertakings or a group of enterprises engaged in a joint economic activity such as franchises, joint ventures or professional partnerships.

Latest updates

25 July 2022 - new guidance, application forms and tables for data controllers and processors released.