Aligned with the new General Data Protection Regulation (GDPR):


Iberdrola, the first European utility and IBEX-listed company to get approval for its global privacy and data protection standards

  • Binding Corporate Rules bolster the Group’s global commitment to European standards on privacy and data protection in every country it works in

The Spanish Data Protection Agency (AEPD) has approved the Iberdrola Group’s Binding Corporate Rules (BCRs), making it the first European utility and IBEX-35 company to secure this additional protective mechanism in line with the new General Data Protection Regulation (GDPR).

Binding Corporate Rules are a mechanism put in place under the GDPR to enable a group of companies to make international personal data transfers to subsidiaries based outside the European Economic Area whose level of personal data protection is not guaranteed to be equivalent to EU standards. 

Applying European standards in 15 markets 

In its daily business, Iberdrola processes and transfers a vast amount of personal data internationally to various companies it works with in 15 different markets.

Approving these BCRs reinforces the Group’s commitment to privacy and data protection by applying a model based on this European regulation in all countries, as well as by showing full respect for the fundamental rights of intimacy and privacy, not only in its European companies, but also elsewhere.

Access to legal information