Companies should start the process for Binding Corporate Rules (BCRs) now so they will be ready for the new EU data protection regime, stated Eduardo Ustaran, Partner at Field Fisher Waterhouse LLP. ”BCRs should be the next big project for companies,” said Ustaran. “The real success of BCRs is that they can be tailored to the way a company operates. BCRs are not just for multinationals; smaller companies can also benefit.” In particular, the proposed EU Data Protection Regulation – put forward by the Commission in 2012 – recommends companies of all sizes adopt BCRs as a means of legitimizing intra-group transfers out of Europe, and states that they should be binding not only within companies but also with respect to third parties. Amendments submitted in January 2013 by EU Parliamentary Rapporteur Jan-Philipp Albrecht could add further obligations including data minimisation, limited retention periods and privacy by design. On the international front, the Asia Pacific Economic Cooperation (APEC) is currently examining ways to harmonise its Cross Border Privacy Rules to that of BCRs.