Providing appropriate safeguards with binding corporate rules
(1) Appropriate safeguards may be provided through binding corporate rules for the protection of personal data, which the companies within the group of undertakings engaged in joint economic activity are obliged to comply with. To transfer personal data abroad based on binding corporate rules, an application for approval shall be submitted to the Board.
(2) As part of the application, the text of the binding corporate rules and any other information and documents necessary for the Board’s evaluation shall be submitted to the Board. If any document submitted for the application is in a foreign language, a notarised translation shall be attached to the application. If the binding corporate rules are also prepared in a foreign language, the Turkish text shall prevail.
(3) In approving the binding corporate rules, the Board shall consider the following:
- a) The binding corporate rules are legally binding and enforceable for each relevant member within the group of undertakings engaged in joint economic activity, including their employees;
- b) The binding corporate rules include a commitment to ensure enforceable data subject rights;
- c) The binding corporate rules contain at least the elements specified in Article 13.
(4) The transfer of personal data may only commence after the Board has approved the binding corporate rules.