TRUSTe and Promontory have launched a joint BCR Management Program designed to make it quicker, simpler, and cheaper for businesses.


Prepare for compliance with the Binding Corporate Rules (BCRs) regime, apply for authorization from their Data Protection Authority to use BCRs for international data transfers within their organization, and self-certify their ongoing BCRs compliance through the Program.


BCRs are designed to allow multinational companies to transfer personal data from the European Economic Area (EEA) to their affiliates outside the EEA in compliance with Data Protection Directive 95/46/EC.


The most utilized current alternative to BCRs is the use of the model contractual clauses approved by the European Commission.


However, in multinational companies with complex structures, there are drawbacks where hundreds of contracts may be required to cover transfers between all affiliates, and keeping those contracts up to date can be difficult and time consuming.


TRUSTe will be delivering and managing the new TRUSTe-Promontory BCR Management Program, based on a framework developed by Promontory, a global regulatory compliance consulting firm.


This new program is designed to offer organizations the combination of TRUSTe’s credibility and experience in developing privacy certification programs and Promontory’s experience of European data protection regulation and addressing corporate compliance around international data transfers.


The announcement this week, was welcomed by Lindsey Greig, CEO of DataGuidance:


“BCRs are shaping up to take a central role in the compliance strategy of the European Union. But for all the talk, the reality on the ground has been significantly different. Obtaining BCR approval has been costly, slow and time consuming with BCR approvals numbered in tens rather than hundreds.

Initiatives to make the process speedier and less costly, while not sacrificing the quality of the protections offered to consumers have to be welcomed.”