Compliance engineered for the Cloud
Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

Salesforce BCRs

Binding Corporate Rules (or "BCRs") are company­ specific, group-­wide data protection policies approved by European and UK data protection authorities to facilitate transfers of personal data from the European Economic Area and the UK to countries that have not been deemed adequate. BCRs are based on strict privacy principles established by European Union and UK data protection authorities and require intensive consultation with European and UK data protection authorities.

Salesforce received approval from European data protection authorities for its EU Binding Corporate Rules ("Salesforce EU Processor BCR") in 2015 and from the Information Commission Office (ICO) for its UK Binding Corporate Rules ("Salesforce UK Processor BCR") in 2023. For more details about the scope of the Salesforce Processor EU BCR and Salesforce Processor UK BCR and their respective applicable services, please see here and here. For additional information about the multiple legal transfer mechanisms which Salesforce has to help customers validate transfers of personal data, please see our Data Processing Addendum.

Please refer to each BCR for the full list of applicable services.