On February 3, 2011, the German Federal Commissioner for Data Protection and Freedom of Information issued a press release announcing that it has approved the privacy policy formulated by Deutsche Post DHL. This allows Deutsche Post DHL to transfer personal data abroad in accordance with its privacy policy without having to obtain approval in individual cases. Deutsche Post DHL is the first German company to have its binding corporate rules (“BCRs”) approved at the European level, following an extensive consultation process among EU data protection authorities.

Deutsche Post DHL is a global company with approximately 500,000 employees in 220 countries and territories whose business operations include frequent cross-border exchanges of customer and employee data. The transfer of personal data outside the European Union and outside the EEA, however, requires proof of an adequate level of protection under the German Federal Data Protection Act. Pursuant to Section 4 (2) of the Act, the competent data protection authority may approve international data transfers based on an entity’s BCRs. Accordingly, Deutsche Post DHL included in its privacy policy the necessary guarantees concerning the protection of personal data and the corresponding rights of individuals, and demonstrated the enforceability of its rules.