All multinational companies are constantly transferring data relating to identified or identifiable human beings (data subjects). Data is moved between different parts of the same business and to and from suppliers, customers and other third parties. When such data moves between countries, the laws of multiple countries may become relevant, potentially including a multinational business within their jurisdiction when that multinational acts as a data controller determining the purposes, conditions and means of processing involved. This also renders the business vulnerable to potential penalties for breaches of the law. One way to manage the ongoing problems of moving data across the world is to introduce Binding Corporate Rules (BCRs) to govern global data transfer.