Binding Corporate Rules (BCR)

Iberdrola group committed with privacy and data protection

The General Data Protection Regulation ("GDPR") establishes the necessary conditions to carry out transfers of personal data from the European Economic Area (EEA) to another country. The "GDPR" applies to all transfers of personal data outside the EEA, including internal transfers of data within a group of companies. These transfers are only allowed if a level of protection has been established that guarantees compliance with the "GDPR".

To comply with these requirements, Iberdrola has implemented the Binding Corporate Rules (BCR) [PDF] External link, opens in new window., opens in new window. of the Iberdrola Group. These Rules are binding on all Group Companies, which undertake to respect them and comply with their provisions in the collection, compilation and processing of personal data for the fulfillment of their own purposes, and enforce them by all their employees.

The BCR reflect the new "GDPR" requirements and are revised annually. Iberdrola's main supervisory authority for BCR is the Spanish Data Protection Agency (AEPD), which has supervised its approval process.

You can download a copy of the BCR here. [PDF] External link, opens in new window.

The list of Iberdrola Group entities signed up to the BCR is available here [PDF] External link, opens in new window..

If you have any questions about our BCR, you can do so through the Privacy Mailbox or by contacting dpo@iberdrola.com.