ÎÚÑ»´«Ã½

Skip to Content

Binding Corporate Rules

As one of the world’s foremost providers of consulting, technology and outsourcing services to a wide array of clients around the world, ÎÚÑ»´«Ã½ is committed to protecting privacy and the Personal Data entrusted to it. As an international Group with companies in more than 40 countries, ÎÚÑ»´«Ã½ needs to ensure that Personal Data flows freely and securely between all companies in the ÎÚÑ»´«Ã½ Group with an appropriate and uniformed level of protection.

ÎÚÑ»´«Ã½â€™s Binding Corporate Rules (BCRs) consist of its Controller and Processor EU BCRs and Controller UK BCRs, and Processor UK BCRs (ÎÚÑ»´«Ã½ BCRs).

ÎÚÑ»´«Ã½ EU BCRs – ÎÚÑ»´«Ã½â€™s Controller and Processor EU BCRs were approved by its lead Supervisory authority the CNIL in 2016, and further updated to comply with the General Data Protection Regulation (GDPR) in 2019 as acknowledged by the CNIL.

ÎÚÑ»´«Ã½ UK BCRs – Following Brexit and the introduction of the UK GDPR, ÎÚÑ»´«Ã½ sought the approval of both its Controller and Processor UK BCRs. The ÎÚÑ»´«Ã½ UK BCRs were approved by the Information Commissioner’s office in February 2022.

ÎÚÑ»´«Ã½ BCRs may be amended from time to time including updating the members of the ÎÚÑ»´«Ã½ Group that are subject to our BCRs and to comply with new requirements issued by the data protection authorities.

Following the so-called ‘Schrems II ’ decision from the European Court of Justice (ECJ), Binding Corporate Rules remain a valid and lawful transfer mechanism and in light of such decision ÎÚÑ»´«Ã½ has not currently modified its BCRs. If further guidance is provided requiring changes to the Binding Corporate Rules, then ÎÚÑ»´«Ã½ shall seek to implement the relevant amendments to its BCRs to ensure continued compliance.

ÎÚÑ»´«Ã½ is committed to protecting all personal data entrusted to it as part of its activities as a Data Controller and as a Data Processor. As an international group, it is important to ÎÚÑ»´«Ã½ that information flows freely and securely. Providing an appropriate level of protection to the personal data being transferred within the group, is one of the reasons why ÎÚÑ»´«Ã½ has chosen to implement these Binding Corporate Rules (BCR) which were first approved by the French data protection authority, the CNIL, in March 2016. This is all the more important as legal data protection and legal data security are crucial for each affiliate of ÎÚÑ»´«Ã½. The financial and reputational risks are high.