The EU Directive creates the legal framework for the national data protection laws in each EU member state. The EU Directive states that personal data may only be transferred to countries outside the EU when an adequate level of protection is guaranteed. The laws of the United States are not considered by the European Union as providing an adequate level of data protection. As a result, if a company intends to transfer personal information into the United States they must take one of the following steps to achieve the “adequacy” status required by the Directive. Binding Corporate Rules . . .