Workday Binding Corporate Rules


Workday is committed to high standards of data protection and is one of the few enterprise cloud providers that has Processor Binding Corporate Rules (BCRs). 

BCRs are a set of data protection policies that govern the processing of personal data within a multinational group and allow us to lawfully transfer our customers’ personal data from the European Economic Area (EEA) and the United Kingdom (UK) to countries that have not yet been deemed adequate in terms of data protection. For more information about our BCRs, please see our Workday Community FAQs.

Workday also uses the European Commission’s Standard Contractual Clauses (SCCs) (Commission Implementing Decision 2021/914 of 4 June 2021) to legitimize transfers of personal data outside the EEA as well as the ICO’s UK Addendum to the SCCs.

EU Binding Corporate Rules

Access the EU Binding Corporate Rules PDF now.

UK Binding Corporate Rules

Access the UK Binding Corporate Rules PDF now.