Binding corporate rules are legally enforceable policies and frameworks that help businesses comply with the GDPR's requirements around third country data transfers. The rules will address personal data protection and safeguarding that companies located within the EU must follow when transferring personal data outside of the EU and can include components such as internal policies and procedures, training, data audits, codes of conduct, etc.