BSA’s submission responds to the European Data Protection Board’s draft Recommendations on Binding Corporate Rules for Processors (BCR-Ps), one of the key GDPR transfer mechanisms. BSA encourages the EDPB to clarify that approved BCR-Ps continue to cover initial transfers from external controllers to processor group members, in order to maintain legal certainty and avoid duplicative transfer requirements. The submission also calls for a more proportionate, risk-based approach to audit and governance requirements to prevent unnecessary administrative burdens. Overall, BSA urges the EDPB to ensure the final Recommendations preserve BCR-Ps as a practical, scalable, and high-standard mechanism for international data transfers.