What are you looking for ?
Advertise with us
RAIDON

Box Completed EU Approval Process From UK Information Commissioner’s Office and Spanish and Polish Data Protection Authorities

For global Binding Corporate Rules as data processor and controller

Box, Inc. has completed the EU approval process from the UK Information Commissioner’s Office (ICO) and the Spanish and Polish Data Protection Authorities (DPAs), for its Binding Corporate Rules (BCRs) as data processor and controller.

This dual certification, covering both the personal data of its customers and that of Box’s own European Economic Area (EEA) employees, validates the company’s implementation of the highest possible standards for protecting personal data.

This is a huge milestone as we continue to scale internationally while focusing on offering what we believe to be the most secure enterprise content management platform in the world,” said Joel Benavides, senior director legal and advocacy, Box. “The DPA’s approval of our BCRs enables companies across Europe to deploy a validated cloud environment in accordance with the highest data protection standards available today.

To gain approval from the European DPAs, Box underwent review of its group of companies’ data privacy compliance policies and procedures as required by the EU DPAs.

BCRs are company-specific data protection policies, which enable multinational companies to transfer personal data within their group (as controllers) and to process personal data of its customers in locations outside the EEA (as processors). The BCRs are based on rigorous criteria and Box is one of only a few software companies to have received approval for its BCRs.

The BCRs are also intended to ensure that personal data has an identical level of protection and security no matter where the customer is based in the world. Achieving the highest possible standard for dealing with data makes Box a sensible option for the most security conscious companies.

BCRs were developed by the European Union Article 29 Working Party to allow multinational and international organizations to have a consistent compliant framework for making intra-organizational transfers of data across border in compliance with the EU Data Protection Law,” said Duncan Brown, research director, European security practice, IDC EMEA. “BCRs provide the highest level of compliance, accountability and assurance for international organizations. There are very few companies with approved global BCRs and Box is one of the first cloud service providers to achieve this approval.

Box has customers across multiple geographies including Europe, Asia and the Americas. It also services multinational customers from all major industries, including finance, healthcare, construction, life sciences, media and entertainment, retail, and non-profit.

Box serves over 66,000 organisations including Eurostar, Hamburg Airport, Spotify, AB, AstraZeneca, General Electric.

This news follows the company’s announcement that it complies with ISO 27018, the standard for protecting Personally Identifiable Information (PII) in the cloud, set forth by the International Standards Organization. By complying with ISO 27018, Box adheres to a uniform set of guidelines that spans regions, so businesses can adopt Box with confidence that the service they receive adheres to privacy standards, often resulting in streamlined contract processes and expedited expansion for customers. This achievement adds to Box’s existing support for compliance with ISO 27001, which the company achieved in 2013.

Box also holds APEC Cross Border Privacy Rules, and the company becomes one of the first in the world to have both APEC CBPR and approved BCRs.

Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E