Box BCR Approval from ICO
Box has reached an exciting landmark in the growth of its international business. Box has received approval for our Global Binding Corporate Rules (Global BCRs), covering the personal data of its customers and that of its own European Economic Area (EEA) employees.
This means that Box has completed the BCRs approval process from the European Data Protection Authorities (EU DPAs) for our Global BCRs as a data processor and controller. The UK Information Commissioner’s Office was our lead reviewer with peer review by the Spanish and Polish DPAs. This enables companies across Europe to deploy a validated cloud environment in accordance with the highest data protection standards available today.
To gain approval from the EU DPAs, Box underwent a robust review of our global group of companies’ data privacy policies and procedures. The BCRs are based on rigorous criteria and we are extremely proud to be one of only a few cloud platforms in the world to have received approval for our Global BCRs.
BCRs are company-specific data protection policies which enable multinational companies to transfer personal data within their group (as data controllers) and to process personal data on behalf of its EEA customers in locations outside the EEA (as data processors), including the use of sub-processors where approved. Our Global BCRs are also intended to ensure that personal data has an identical level of protection and security no matter where the customer is based in the world.
This is a hugely significant step for Box as they continue to scale internationally while offering what we believe is the most secure enterprise content management platform in the world.
Today’s news follows hot on the heels of last month’s global cloud news where we announced that Box now supports compliance with ISO 27018, following our current support for compliance with ISO 27001 and Box’s certification under the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) System among others.
To learn more about Box Governance and Compliance, please visit: https://www.box.com/en-gb/security/governance-and-compliance
ISO 27001 and BCR are both components designed to meet GDPR data standards for the new GDPR regulations that the ICO will monitor. Box BCR approval from ICO provides a foundation for this for unstructured data.
Source: https://blog.box.com/blog/box-extends-global-cloud-milestone-bcr-approval/
19 SEP 2016 · BY JOEL BENAVIDES
see: https://ico.org.uk/for-organisations/guide-to-data-protection/binding-corporate-rules/
