Rakuten granted approval for Binding Corporate Rules by United Kingdom Information Commissioner’s Office
The Rakuten Group has made another important stride toward further strengthening its commitment to privacy and data protection globally. Earlier today, the company announced that the Rakuten Group has obtained approval for its United Kingdom Binding Corporate Rules (U.K. BCR).
In May 2022, the United Kingdom Information Commissioner’s Office (ICO) — the U.K.’s Data Protection Authority — granted their approval to the definitive text of Rakuten’s U.K. BCR.
This approval signifies that Rakuten’s U.K. BCR has been deemed to have a sufficient level of protection, according to the U.K. Data Protection Authority. It is now possible, within the Rakuten Group, to transfer personal data across borders outside the United Kingdom, based on this U.K. BCR.
After the application in June 2021, and continuous efforts to fully meet the Commissioner’s requirements, the final version obtained the green light from the U.K. Data Protection Authority. This approval also makes Rakuten one of the first companies headquartered in Asia to be granted such status.
BCR: Protecting your privacy
Binding Corporate Rules are a set of internal rules that establish the legal privacy framework and general data protection principles to be observed by multinational corporate groups as a means to lawfully transfer data internationally.
BCRs are internationally recognized as a sufficient safeguard for making restricted transfers within these organizations both under the EU General Data Protection Regulation (GDPR) and the U.K. Data Protection Regulation (U.K. GDPR).
After the withdrawal of the U.K. from the European Union, Rakuten Group companies could no longer rely on the EU BCR for data transfers that included personal data originating in the U.K., which could pose a significant compliance risk.
International personal data transfers remain a concern of our users. By having U.K. BCR approved by the ICO, the Rakuten Group aims to streamline its internal privacy processes, reduce compliance risk and effectively develop a relationship of trust with the regulators and users.
Rakuten takes its data protection responsibilities seriously and is transparent with data protection regulators. Going forward, the company will continue to both comply with all applicable regulations and provide innovative services, further strengthening its commitment to privacy and data protection while expanding our businesses globally.