Accenture’s Data Controller Binding Corporate Rules (“BCR”)
There are strict European and UK data privacy laws which govern transfers of personal data from the European Economic Area (EEA) and the UK to another country. These laws apply to all transfers of personal data outside the EEA and the UK, including internal transfers of data within a group of companies. Such transfers are generally only allowed if a substantially equivalent level of protection has been put in place using arrangements which have been approved by European regulators.
To comply with these European and UK requirements, Accenture has implemented a set of data privacy rules known as Binding Corporate Rules for Data Controllers (BCR). These are legally binding on all participating Accenture entities, and Accenture must integrate the requirements into its business practices.
Accenture’s EU BCR has been in place since 2009, following an approval process conducted by the European Union data privacy regulators. The BCR was updated in 2018 to reflect new requirements under the EU General Data Protection Regulation and is reviewed annually. Accenture’s Lead Supervisory Authority for the EU BCR is the Irish Data Protection Commission.
Accenture’s UK BCR was approved in 2021 and since then Accenture has been able to rely on the UK BCR to make data transfers out of the UK. The UK BCR is reviewed annually and must comply with the UK GDPR. Accenture’s Lead Supervisory Authority for the UK BCR is the UK Information Commissioner's Office.