Box, a leading enterprise content platform, today announced that it has completed the EU approval process from the UK Information Commissioner’s Office (ICO) and the Spanish and Polish Data Protection Authorities (DPAs), for its global Binding Corporate Rules (BCRs) as data processor and controller. This dual certification, covering both the personal data of its customers and that of Box’s own European Economic Area (EEA) employees, validates the company’s implementation of the highest possible standards for protecting personal data globally.

“This is a huge milestone as we continue to scale internationally while focusing on offering what we believe to be the most secure enterprise content management platform in the world,” said Joel Benavides, Sr. Director Global Legal & Advocacy at Box. “The DPA’s approval of our BCRs enables companies across Europe to deploy a validated cloud environment in accordance with the highest data protection standards available today.”

To gain approval from the European DPAs, Box underwent extensive review of its global group of companies’ data privacy compliance policies and procedures as required by the EU DPAs.

BCRs are company-specific data protection policies, which enable multinational companies to transfer personal data within their group (as controllers) and to process personal data of its customers in locations outside the EEA (as processors). The BCRs are based on rigorous criteria and Box is one of only a few software companies in the world to have received approval for its BCRs.

The BCRs are also intended to ensure that personal data has an identical level of protection and security no matter where the customer is based in the world. Achieving the highest possible standard for dealing with data makes Box a sensible option for even the most security conscious companies around the world.

"Binding Corporate Rules (BCRs) were developed by the European Union Article 29 Working Party to allow multinational and international organizations to have a consistent compliant framework for making intra-organizational transfers of data across border in compliance with the EU Data Protection Law," said Duncan Brown, Research Director, European Security Practice, at IDC EMEA. "BCRs provide the highest level of compliance, accountability and assurance for international organizations. There are very few companies with approved global BCRs and Box is one of the first cloud service providers to achieve this approval.”

Box has customers across multiple geographies including Europe, Asia and the Americas. It also services multinational customers from all major industries, including finance, healthcare, construction, life sciences, media and entertainment, retail, and non-profit. Box serves over 66,000 organisations today, including Eurostar, Hamburg Airport, Spotify, AstraZeneca, General Electric, among others.