BINDING CORPORATE RULES (BCR)
Iberdrola group committed with privacy and data protection
The General Data Protection Regulation ("GDPR") establishes the necessary conditions to carry out transfers of personal data from the European Economic Area (EEA) to another country. The "GDPR" applies to all transfers of personal data outside the EEA, including internal transfers of data within a group of companies. These transfers are only allowed if a level of protection has been established that guarantees compliance with the "GDPR".
To comply with these requirements, Iberdrola has implemented the Binding Corporate Rules (BCR) [PDF], opens in new window. of the Iberdrola Group. These Rules are binding on all Group Companies, which undertake to respect them and comply with their provisions in the collection, compilation and processing of personal data for the fulfillment of their own purposes, and enforce them by all their employees.
The BCR reflect the new "GDPR" requirements and are revised annually. Iberdrola's main supervisory authority for BCR is the Spanish Data Protection Agency (AEPD), which has supervised its approval process.