Binding Corporate Rules
DocuSign maintains Binding Corporate Rules (BCRs) as both a data processor and data controller, which have been approved by the European Union Data Protection Authorities. Considered the gold standard for data protection, BCRs are a strict set of rules for members of the DocuSign corporate family and reflect the rigor and commitment to privacy that DocuSign makes to its customers, employees and other business contacts.
Only the most privacy-committed organizations successfully achieve BCR approval. To date, a limited number of companies worldwide have obtained BCR approval. Of those, only a portion are approved as BCR for processors (BCR-P), explained in greater detail below.
From time to time, DocuSign may update its BCRs. The links below reflect our most recent approved BCRs, which took effect on August 3, 2021.
For more on DocuSign’s privacy practices, visit the Trust Center privacy page.