Abstract

Despite the fact that the significance of transfer agreements, especially those based on the standard contractual clauses approved by the decisions of the European Commission, as an instrument supporting international personal data transfer operations is rising, such contracts fail to work in all situations. This concerns in particular international corporations for which a contractual, even multilateral solutions constitute a major burden organizationally, legally and financially without guaranteeing the expected data protection level in each and every case. For this reason the interest in instruments ensuring a global approach to personal data protection based on so-called soft law self-regulatory solutions, i.e. Binding Corporate Rules.

So far, the binding corporate rules allowed for ensuring appropriate safeguards in the context of a cross-border transfer of personal data exclusively between data administrators. For some time now, this instrument may also be used by so-called data processors, i.e. entities defined in Art. 31 of the Personal Data Protection Act. This article discusses the nature, purposes, contents and possible scope of application of binding corporate rules dedicated to data processors, with a special emphasis on the national perspective.Also de lege ferenda postulates have been put forward to make this legal instrument more attractive.