Accenture’s Data Controller Binding Corporate Rules (“BCR”)
There are strict European data privacy laws which govern transfers of personal data from the European Economic Area (EEA) to another country. These laws apply to all transfers of personal data outside the EEA, including internal transfers of data within a group of companies. Such transfers are generally only allowed if a substantially equivalent level of protection has been put in place using arrangements which have been approved by European regulators.
To comply with these European requirements, Accenture has implemented a set of data privacy rules known as Binding Corporate Rules for Data Controllers (BCR). These are legally binding on all Accenture participating entities and Accenture must integrate the requirements within our business practices.
Accenture’s BCR has been in place since 2009, following an approval process conducted by the European Union data privacy regulators. The BCR was updated in 2018 to reflect new requirements under the EU General Data Protection Regulation and is reviewed annually. Accenture’s Lead Supervisory Authority for the BCR is the Irish Data Protection Commission.