print_label | resize_label


Binding Corporate Rules


Binding Corporate Rules (BCRs) are designed to allow multinational companies to transfer personal data from the European Economic Area (EEA) to their affiliates located outside the EEA, in compliance with European data protection law requirements.

In order to obtain approval for our BCRs, AstraZeneca (We, Us, Our) had to demonstrate to a number of European data privacy regulators that We have adequate safeguards in place for protecting personal data throughout Our organisation, in line with the requirements found in the published guidance papers on BCRs of European data protection regulators. Although We obtained approval for our BCRs in 2014, We have updated our BCRs following the entry into force of the EU General Data Protection Regulation (GDPR) on May 25, 2018, to provide for even greater protections for personal data shared among AstraZeneca’s Affiliates.

The approval process involved a review of the key elements of Our data privacy framework, including Our:

  • Data Privacy Standard
  • Intra-Group Agreement (IGA) which is the agreement signed by AstraZeneca’s Affiliates to give legal effect to the BCR requirements, and that bestows third-party beneficiary rights upon you, discussed in “Your Rights” section.