Standard Contractual Clauses & Binding Corporate Rules


You can offer the right level of protection when transferring data internationally. With our support, you will be able to establish Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs), and you will comply with all legislative requirements.

Transfer personal data outside the EU in accordance with the GDPR

Save time with help from our international team of experts

Establish guarantees

We help you make contracts according to the type of transfer you are going to make, then establish the appropriate legal documentation.

Transfer Impact Assessment

Comprehensive evaluation of providers and their level of security to adequately protect personal data during each transfer.

Continuous monitoring

From the initial supplier analysis to the legislative review and periodic monitoring to verify that everything established is complied with.

Standard Contractual Clauses (SCCs)

Individually adapted to the type of data transfer
to be carried out

Binding Corporate Rules (BCRs)

We accompany you throughout the process

We help you establish Binding Corporate Rules, also known as ‘BCRs’ in order to be able to carry out international transfers of personal data to a person in charge, or in charge of a group of companies or union of companies in third countries.


The Standard Contractual Clauses are a legal instrument used to carry out international data transfers between an EEA country and a third country with no adequacy decision. They make it possible to guarantee an adequate level of security after the previous security measures were struck down by the Schrems II decision.

Currently, the Standard Contractual Clauses are the most commonly employed method to enable data transfers between the European Union and third countries. After several revisions, the previous model clauses were not considered reliable enough to guarantee an adequate level of data protection, however, the new Standard Contractual Clauses are adapted to the GDPR and offer other types of advantages that allow contracts to be adapted to the type transfer to be made.

The new Standard Contractual Clauses have the following features:

  • The contracts must be individually adapted and have the necessary modules depending on the data transfer scenario.
  • The purpose of processing and information on security measures must be added.
  • Its structure has four sections. A first introductory section with general clauses on interpretation and hierarchy, a second that includes the obligations of the parties, a third on the obligations of analysis of the country’s regulations and obligations on access by public authorities, and a fourth with the final provisions.
  • They are adapted to the GDPR.
  • They offer protection to the interested parties.
  • They allow the conclusion of contracts by third parties (collective contracts).
  • They offer more flexibility and more scope of application.
  • They comply with the Schrems II ruling.
  • Priority regulation and liability regulation.
  • They have more specific considerations on technical and organizational measures.

They are the data protection policies used to carry out international data transfers within a business group or union of companies. The Binding Corporate Rules or BCR will be approved by the competent control authority as established in art. 63 of the GDPR.



Discover how Borneo can help you in taking control of your company’s data protection

Do you have any questions? Get in touch with our sales team.

☏ +1 929-380-2200| Monday to Friday from 8:00 to 17:00 GMT