Docusign Reaches Another Milestone in Global Expansion with BCR Approval  

By Reggie Davis, General Counsel, Chief Privacy Officer

It is an exciting day for Docusign’s 300,000 customers and our hundreds of millions of users across the globe, as we announce the approval of our applications for Binding Corporate Rules (BCRs) as both a data controller and a data processor.

Grounded in the European Union’s (EU’s) stringent standards for data privacy, BCRs are widely considered the ‘gold standard’ for legal transfers of personal data outside the EU.

Achieving BCR approval is extremely important in the EU, where the General Data Protection Regulation (GDPR) compliance deadline in May is fast approaching and promises to give greater protection and rights to EU citizens while holding organizations accountable for protecting personal data.

The BCR approval process is rigorous and requires a strong commitment to data privacy and protection. It typically takes more than two years to complete and requires significant investments of time and resources to draft, implement and maintain. Only the most privacy-committed organizations have their BCR applications approved and Docusign is proud to now be among them.


Docusign's top priority is the privacy and security of our customers' documents. That’s why we endeavor to meet or exceed rigorous national and international security standards, as indicated by our current ISO 27001 certification. And given that trust is the foundation of any successful transactions, BCR approval further demonstrates Docusign’s strong commitment to data protection and to our robust internal data protection practices.

Docusign’s approved BCRs will serve as a legally valid transfer mechanism and commit Docusign to implementing the highest standards for protecting the personal data of both its customers and its employees in accordance with EU data protection standards anywhere in the world that Docusign operates. As Docusign implements these BCRs, enterprise and multinational organizations, as well as customers of all sizes concerned about privacy will be able to transact business with increased confidence knowing that they are complying with GDPR data transfer requirements when using Docusign.

Customers can leverage Docusign’s approved BCRs as evidence of their own compliance with applicable EU data transfer laws, as well as demonstrate to their customers and partners that they use a vendor that adheres to the gold standard for international data transfers.


Given our commitment to business across the EU, we selected the Irish Data Protection Commissioner as the lead data protection authority for our BCR applications. Our ‘Invest for Europe’ initiative over the last two years has included the launch of data centers in Amsterdam, Frankfurt, and Paris, and has been accompanied by extensive platform development with the launch of our Standards-Based Signatures suite, Hybrid Cloud deployment offering and Trust Service Provider partner program—all of which align to the EU-wide eIDAS regulation.

Across the globe, we’re committed to helping our customers achieve all the benefits of digital transformation – while keeping their data private, safe and secure

Related Topics