
Article 47 of the GDPR: Binding Corporate Rules (BCR)

Article 47 of the GDPR governs Binding Corporate Rules (BCRs). BCRs are a mechanism that allows a group of companies to transfer personal data within the group, even outside the EU, while ensuring an adequate level of protection.

Article 47 of the GDPR explained

BCRs are internal rules adopted by a multinational group. They are legally binding and enforceable, and must:

  • Be approved by a supervisory authority (such as the CNIL);
  • Guarantee effective rights for data subjects (recourse, reparation, transparency);
  • Define responsibilities, internal procedures, control and training mechanisms;
  • Be enforceable between group entities, regardless of their country of operation.

Why is this article important for your GDPR compliance?

BCRs are a sustainable, structured solution for governing international intra-group transfers. They allow you to demonstrate a high level of organizational compliance, even in a complex global context.

How to comply with Article 47 of the GDPR?

  • Identify intra-group data transfers to countries that do not ensure an adequate level of protection;
  • Write BCRs that comply with the requirements of Article 47;
  • Submit them for approval by the competent supervisory authority;
  • Ensure effective implementation (processes, documentation, training, etc.).

Examples of application of Article 47 of the GDPR

  • A French pharmaceutical group is setting up BCRs to regulate transfers to its subsidiaries in the United States and Asia;
  • A tech company sets up an internal GDPR control committee to guarantee compliance with the BCRs;
  • An annual internal audit verifies the application of binding corporate rules in all entities.
