Binding corporate rules (BCRs) are internal data protection rules that govern transfers of personal data within a group from EEA entities to entities located outside the EEA (third countries). The rules contain general data protection principles and allow for a right of action by a data subject against the group for failure to comply with the rules. As a package, BCRs can provide the appropriate safeguards to govern all data transfers in a group, per the GDPR. What are the advantages of BCRs, what is the approval process, and what is the impact of BREXIT on them?