LONDON--(BUSINESS WIRE)--Box (NYSE:BOX) a leading enterprise content platform, today announced that it has completed the EU approval process from the UK Information Commissioner’s Office (ICO) and the Spanish and Polish Data Protection Authorities (DPAs), for its global Binding Corporate Rules (BCRs) as data processor and controller. This dual certification, covering both the personal data of its customers and that of Box’s own European Economic Area (EEA) employees, validates the company’s implementation of the highest possible standards for protecting personal data globally.
“This is a huge milestone as we continue to scale internationally while focusing on offering what we believe to be the most secure enterprise content management platform in the world,” said Joel Benavides, Sr. Director Global Legal & Advocacy at Box. “The DPA’s approval of our BCRs enables companies across Europe to deploy a validated cloud environment in accordance with the highest data protection standards available today.”
To gain approval from the European DPAs, Box underwent extensive review of its global group of companies’ data privacy compliance policies and procedures as required by the EU DPAs.
BCRs are company-specific data protection policies, which enable multinational companies to transfer personal data within their group (as controllers) and to process personal data of its customers in locations outside the EEA (as processors). The BCRs are based on rigorous criteria and Box is one of only a few software companies in the world to have received approval for its BCRs.
The BCRs are also intended to ensure that personal data has an identical level of protection and security no matter where the customer is based in the world. Achieving the highest possible standard for dealing with data makes Box a sensible option for even the most security conscious companies around the world.
"Binding Corporate Rules (BCRs) were developed by the European Union Article 29 Working Party to allow multinational and international organizations to have a consistent compliant framework for making intra-organizational transfers of data across border in compliance with the EU Data Protection Law," said Duncan Brown, Research Director, European Security Practice, at IDC EMEA. "BCRs provide the highest level of compliance, accountability and assurance for international organizations. There are very few companies with approved global BCRs and Box is one of the first cloud service providers to achieve this approval.”
Box has customers across multiple geographies including Europe, Asia and the Americas. It also services multinational customers from all major industries, including finance, healthcare, construction, life sciences, media and entertainment, retail, and non-profit. Box serves over 66,000 organisations today, including Eurostar, Hamburg Airport, Spotify, AstraZeneca, General Electric, among others.
Today’s news follows the company’s recent announcement that it now complies with ISO 27018, the standard for protecting Personally Identifiable Information (PII) in the cloud, set forth by the International Standards Organization. By complying with ISO 27018, Box adheres to a uniform set of guidelines that spans regions, so businesses can adopt Box with confidence that the service they receive adheres to global privacy standards, often resulting in streamlined contract processes and expedited global expansion for customers. This achievement adds to Box’s existing support for compliance with ISO 27001, which the company achieved in 2013.
Box also holds APEC Cross Border Privacy Rules, and with today’s news the company becomes one of the first in the world to have both APEC CBPR and approved BCRs.
Founded in 2005, Box (NYSE:BOX) is transforming the way people and organizations work so they can achieve their greatest ambitions. As a leading enterprise content platform, Box helps more than 66,000 businesses, including General Electric, KKR & Co., P&G and The GAP securely access and manage their critical information in the cloud. Box is headquartered in Redwood City, CA, with offices across the United States, Europe and Asia. To learn more about Box, visit www.box.com.