Article 47 - Binding corporate rules

Article 47 of the GDPR sets out the conditions for approving Binding Corporate Rules (BCRs), which are internal data-protection policies that multinational groups can adopt to allow lawful transfers of personal data between group entities outside the EU. It requires BCRs to be approved by a competent supervisory authority, to guarantee enforceable rights for data subjects, and to include mechanisms for monitoring, handling complaints and ensuring accountability across the organization.