Box debuts data processing addendum and global data protection consulting services to deliver on GDPR



Box, provider of cloud content management, recently announced a simple self-serve solution for global data privacy preparedness ahead of the European Union’s (EU) General Data Protection Regulation (GDPR), which takes effect on May 25, 2018, as well as new services from Box Consulting to help enterprises understand and meet key regulations around data protection.

Box has pioneered cloud content management and led the industry on several critical compliance standards and regulations over the past several years, including HIPAA (for patient data), GxP (for life sciences regulated content), FedRAMP (for U.S. government data), and now GDPR.

The GDPR harmonizes data privacy laws and regulations across the EU, enhances data protection for EU citizens and reshapes the way organizations approach data privacy. The GDPR covers the personal data of every EU person and provides comprehensive rights to data subjects. Every company that works with European employees, customers and partners will need to comply with the regulation.

Failure to meet the GDPR requirements can result in fines up to EUR 20 million or up to 4 percent of the company’s worldwide annual turnover for the preceding fiscal year, whichever is higher.

To help its customers meet verification needs, Box announced a new Data Processing Addendum (DPA). The DPA, which is available for all current Box business customers, is a self-serve and easy-to-execute document that only requires an electronic signature from customers. Once signed, customers can provide the DPA to auditors to show that they use Box in a way that lets them demonstrate their data is being processed in a way that meets their GDPR compliance obligation.

GDPR delivers significant data protection development in years, and was created to give European citizens more control over their personal data – ranging from mailing addresses to IP information. The GDPR covers the personal data for every EU citizen and provides comprehensive rights to data subjects.

All companies that work with European employees, customers and partners will need to comply with the regulation – including being able to produce signed verification that any data stored or processed with third parties meets important standards of data protection.

“Box works with tens of thousands of companies around the world to enable collaboration and management of their business critical information. Now, with just a couple of clicks, businesses can quickly verify their use of Box’s GDPR compliant offerings and focus on what’s most important to their business,” said Pete McGoff, Chief Legal Officer of Box. “We’ve invested significant resources toward GDPR compliance and we are committed to practicing transparency in how Box handles personal data. No one has made global data compliance in the cloud easier.”

Box offers comprehensive set of EU third-party certifications and is the only company which uses Global Binding Corporate Rules (BCRs) both as a processor and data controller, enabling companies across Europe to deploy a validated cloud environment in accordance with the highest data protection standards available.

In addition to Privacy Shield, Box obtained two German certifications: Cloud Computing Compliance Controls Catalog (C5) certification and TCDP 1.0 (Trusted Cloud-Datenschutzprofil fuer Cloud Anbieter). With Binding Corporate Rules, C5 and the TCDP, Box has been independently reviewed for its privacy and cloud data protection practices and is ideal to help customers prepare for the GDPR.

Box continues to raise the bar for privacy and security in the cloud, driving industry leadership with advanced enterprise capabilities. Box has proactively implemented strong independently verified security and privacy practices to provide customers with transparency. Box also works directly with customers to help them understand what safeguards are needed for data protection in the cloud in order to establish a solid foundation for companies to meet the domestic and international requirements.

As part of its global data protection services, Box Consulting is rolling out a new compliance-focused consulting engagement aimed at assisting customers prepare for, understand and address evolving compliance requirements such as GDPR, PCI DSS, FedRAMP, and HIPAA from a cloud content management perspective. The engagement team comprises Box technology and compliance professionals who work in conjunction with a customers’ team in establishing a workable governance framework that leverages the Box application.

The data protection service assists customers in developing a strategy for categorizing their data and running the corresponding risk profile analysis; aids users to develop a data protection framework that is based on the customers own unique data protection risk profile; provides implementation services to assist customers with implementing Box in accordance with their own derived implementation framework; and cross-industry perspectives on compliance/data protection obligations

“With offices in more than 19 countries, and millions of customers it’s critically important that we obtain GDPR compliance to ensure the data of our customers and employees is protected,” said Stijn Stabel, Head of Architecture and Innovation at Alcopa. “Being able to engage with Box’s consulting team, and utilize their compliance expertise, provides another layer of reassurance that we are taking the correct steps.”

Box’s global data protection offerings also include Box Zones, which provides customers with in-region data storage; Box KeySafe, which allows administrators to have control and visibility over data; and Box Governance, which enables customers to comply with data retention policies, satisfy e-discovery requests, and effectively manage sensitive information.

Box also delivers on compliance standards, enabling customers to maintain adherence to important industry regulations including HIPAA, FINRA, FedRAMP, and PCI DSS, amongst others.

Leave a Reply

WWPI – Covering the best in IT since 1980