The main advantage of BCRs over other appropriate means of protection is that, once developed and operational, BCRs can provide a framework for a large number of intra-group transfers to meet the requirements of your organization. You are required to monitor your compliance with your BCRs on an ongoing basis. This includes regular audits and the obligation to maintain a training programme for staff involved in the processing of personal data. For intra-group transfers, binding corporate rules (BCRs) can be a more robust alternative. When relying on SCCs, multinationals must themselves justify their position on the actual ability of their "third country" subsidiaries to meet SCC obligations. If this assessment proves to be incorrect, the transfer of data is retroactively illegal. In the BCR scenario, this assessment is carried out by the supervisory authorities. Companies with BCRs can rely on the EDPS's licensing decision, while those using SCCs depend only on their (self-)assessment, which may be contested at any time by a supervisory authority.

All members of the Group have signed the BCR Intergroup Agreement ("IGA") and are therefore required to comply with the BCR Directive. The list of group members is available below ("List of BMC companies that are part of the BCR group agreement"). In addition, a copy of the IGA may be made available upon written request to BMC's Global Privacy Officer.

One of the problems mentioned in WP 74, which has proved to be a problem in practice, is that, in some Member States, national law does not allow the concept of unilateral declarations. This is the basis on which some applications are structured to address how BCRs are binding across the group. In such cases, the applicant may be required to find an alternative solution, applicable under the law of the Member State concerned, in order to satisfy that requirement. This is the type of issue that was discussed with the lead DPA before an application was put into circulation under the cooperation procedure. It is important to note that BCRs do not provide a basis for transfers outside the group.

How does the BCR Directive apply to the BMC group of companies? The BCR Directive describes the standards that members of the BMC Group ("Group Members") must apply when transmitting personal data internationally, whether to other group members or external service providers, and whether Group Members transmit personal data to an external controller for their own purposes or when providing services. The content of the BCR Directive is available in several languages below ("BCR Directive").