Which of the following best describes proper compliance for an international organization using Binding Corporate Rules (BCRs) as a controller or processor?

Which of the following best describes proper compliance for an international organization using Binding Corporate Rules (BCRs) as a controller or processor?
A . Employees must sign an ad hoc contractual agreement each time personal data is exported.
B . All employees are subject to the rules in their entirety, regardless of where the work is taking place.
C . All employees must follow the privacy regulations of the jurisdictions where the current scope of their work is established.
D . Employees who control personal data must complete a rigorous certification procedure, as they are exempt from legal enforcement.

View Answer

Answer: C

Explanation:

Binding Corporate Rules (BCRs) are a mechanism for international organizations to transfer personal data within their group of companies across different jurisdictions, in compliance with the EU General Data Protection Regulation (GDPR) and other privacy laws. BCRs are legally binding and enforceable by data protection authorities and data subjects. BCRs must ensure that all employees who process personal data follow the privacy regulations of the jurisdictions where the data originates from, regardless of where they are located or where the data is transferred to.

Reference: [Binding Corporate Rules], [BCRs for controllers], [BCRs for processors]

Reference: https://www.lexology.com/library/detail.aspx?g=80239951-01b8-409f-9019-953f5233852e