10 April 2020
On 10 April 2020, the Turkish Data Protection Authority introduced binding corporate rules (‘BCR’) for cross-border transfers of personal data for multinational group companies. You may find the English version of the announcement, English version of the application form, and again English version of the ancillary document for data controllers relating to necessary basic elements to be found in BCR here.
BCR represents data protection rules used in the transfer of personal data for multinational corporations operating in countries where adequate protection is not provided and enables the commitment of adequate protection in writing. By introducing BRC, the Turkish Data Protection Authority presents an alternative way for multinational companies to transfer personal data to other countries. In order to apply for BCR, relevant group companies must fill out the TDPA’s application form (available on the website) and apply to the TDPA for the approval of their BCR.
We will share our detailed blog post which includes further explanations and our comments soon.
Data Privacy Blog