Binding Corporate Rules (BCR)
Readiness Assessment

Extend your global privacy strategy through Binding Corporate Rules.

Binding Corporate Rules (BCRs) are designed to allow multinational companies to transfer personal data from the European Economic Area (EEA) to their affiliates located outside of the EEA in compliance with the GDPR. Currently, the most popular alternative to BCRs is the use of the model contractual clauses approved by the European Commission. However, in multinational companies with complex structures, there are drawbacks where hundreds of contracts may be required to cover transfers between all affiliates, and keeping those contracts up to date can be difficult and time consuming.

TrustArc BCR Readiness Assessment

Binding Corporate Rules are one of the options available for companies to meet international data transfer requirements but companies don’t necessarily want to commit to BCRs without a clear idea of the process and costs involved. The BCR Readiness Assessment helps companies to quickly review whether BCRs are right for them and the necessary steps to achieve compliance with the requirements. The framework will help companies build their BCR application in a streamlined and consistent manner and assess cost implications in advance. This assessment leverages our privacy platform and Assessment Manager technology alongside experience in addressing corporate compliance around international data transfers through preparing companies to self-certify with Privacy Shield and as the Accountability Agent for the APEC Cross-Border Privacy Rules Framework.

Powerful Technology + Proven Methodology + Deep Expertise

The TrustArc Platform powers all solutions, combining:
9+ years of high scale operating experience
1,000s of successful customer engagements
20+ years of privacy industry experience

Our Proven, 3-Phase Process

Our privacy consultants can conduct a BCR Readiness Assessment to quickly give you the information you need to assess where you stand and what next steps you need to take to prepare for BCR submission.

Phase One

& Assessment

We first conduct discovery of your company’s existing policies, practices, and documentation relevant to a BCR application. We also conduct interviews to identify relevant personal data flows. In addition to information gathered during discovery, we leverage information from your existing TRUSTe Enterprise, Privacy Shield, and APEC Assessments and Certifications. We then assess your company against our BCR Readiness Assessment requirements, based on a combination of sources including the Article 29 Working Party papers (WP 74, WP 108, WP 133) and the Referential BCR CBPR Requirements (“Referential”).

Phase Two

Findings Report

Our privacy experts deliver a Findings Report that includes a summary of requirements that are met along with gaps and recommended action items, broken down by priority and level of effort. This can help you determine whether to continue with preparation for the BCR submission. Should you decide to move forward with preparation, the Findings Report serves as a project plan of clearly defined steps. This can help you effectively direct internal resources as well as outside counsel or consultants on any necessary work, so you can stay in control of the scope and budget.

Phase Three


TrustArc privacy experts advise on how best to package existing documentation to streamline the BCR application process.

Extend your global privacy strategy through Binding Corporate Rules.