Certified Information Privacy Professional – Europe (CIPP/E) — Question 178

Which sentence best describes proper compliance for an international organization using Binding Corporate Rules (BCRs) as a controller or processor?

Answer options

• A. Employees must sign an ad hoc contractual agreement each time personal data is exported.
• B. All employees are subject to the rules in their entirety, regardless of where the work is taking place.
• C. All employees must follow the privacy regulations of the jurisdictions where the current scope of their work is established.
• D. Employees who control personal data must complete a rigorous certification procedure, as they are exempt from legal enforcement.

Correct answer: B

Explanation

Option B is correct because Binding Corporate Rules (BCRs) require that all employees comply fully with the established rules, independent of their location. Option A is incorrect since BCRs do not necessitate an ad hoc agreement for each data export. Option C is misleading as BCRs encompass overarching compliance rather than just local jurisdiction regulations. Option D is false because employees handling personal data are indeed subject to legal enforcement, not exempt from it.