Box Leads Charge on GDPR With First-of-its-Kind Data Processing Addendum and New Global Data Protection Consulting Services

[End Subhead]
[Start Distributor]
Business Wire 15-Feb-2018 12:00 PM
[End Distributor]
REDWOOD CITY, Calif.--(BUSINESS WIRE)-- Box (NYSE:BOX), a leader in cloud content management, today announced a simple self-serve solution for global data privacy preparedness ahead of the European Unions (EU) General Data Protection Regulation (GDPR), which takes effect on May 25, 2018, as well as new services from Box Consulting to help enterprises understand and meet key regulations around data protection. Box has pioneered cloud content management and led the industry on several critical compliance standards and regulations over the past several years, including HIPAA (for patient data), GxP (for life sciences regulated content), FedRAMP (for U.S. government data), and now GDPR.
Business today is more connected and global than ever. Customer expectations have never been higher, and there is immense pressure to move faster, work across the extended enterprise, and deliver new experiences, said Stephanie Carullo, COO of Box. In the digital workplace landscape, traditional approaches to data protection are obsolete. Businesses need modern cloud platforms that can power the future of work and meet tomorrows security, compliance and regulatory needs. Box is laser-focused on this challenge and GDPR is a huge opportunity to extend next-generation data protection to the cloud.
GDPR Readiness New Self-Serve Data Processing Addendum
GDPR is the most significant data protection development in years, and was created to give European citizens more control over their personal data ranging from mailing addresses to IP information. The GDPR coversthe personal data for everyEU citizen and provides comprehensive rights to data subjects.All companies that work with European employees, customers and partners will need to comply with the regulation including being able to produce signed verification that any data stored or processed with 3rd parties meets important standards of data protection.
To help its customers meet verification needs, today Box announced a new Data Processing Addendum (DPA). The DPA, which is available for all current Box business customers, is a self-serve and easy-to-execute document that only requires an electronic signature from customers. Once signed, customers can provide the DPA to auditors to show that they use Box in a way that lets them demonstrate their data is being processed in a way that meets their GDPR compliance obligation.
Box works with tens of thousands of companies around the world to enable collaboration and management of their business critical information. Now, with just a couple of clicks, businesses can quickly verify their use of Boxs GDPR compliant offerings and focus on whats most important to their business, said Pete McGoff, Chief Legal Officer of Box. Weve invested significant resources toward GDPR compliance and we are committed to practicing transparency in how Box handles personal data. No one has made global data compliance in the cloud easier.
Box offers the most comprehensive set of EU third-party certifications and is the only company which uses Global Binding Corporate Rules (BCRs) both as a processor and data controller, enabling companies across Europe to deploy a validated cloud environment in accordance with the highest data protection standards available today. In addition to Privacy Shield, Box obtained two German certifications: Cloud Computing Compliance Controls Catalog (C5) certification and TCDP 1.0 (Trusted Cloud-Datenschutzprofil fuer Cloud Anbieter). With Binding Corporate Rules, C5 and the TCDP, Box has been independently reviewed for its privacy and cloud data protection practices and is well-suited to help customers prepare for the GDPR.
Box Consulting: New Global Box Data Protection Services
Box continues to raise the bar for privacy and security in the cloud, driving industry leadership with advanced enterprise capabilities. Box has proactively implemented strong independently verified security and privacy practices to provide customers with transparency. Box also works directly with customers to help them understand what safeguards are needed for data protection in the cloud in order to establish a solid foundation for companies to meet the domestic and international requirements.
As part of itsglobal data protection services, Box Consultingis rolling out a new compliance-focusedconsulting engagementaimed atassisting customersprepare for, understand and addressevolving compliance requirements such asGDPR, PCI DSS, FedRAMP, and HIPAA from a cloud content management perspective. The engagement team comprises Box technology and compliance professionals who work in conjunction with a customers' team in establishing a workable governance framework that leverages the Box application.
The data protection service includes the following:
Assisting customers indeveloping a strategyforcategorizing their data and running the corresponding risk profile analysis
Assisting customers to develop a data protection framework that is based on the customers own unique data protection risk profile
Providing implementation services to assist customers with implementing Box in accordance with their own derived implementation framework
Cross-industry perspectives on Compliance/Data Protection Obligations
With offices in more than 19 countries, and millions of customers its critically important that we obtain GDPR compliance to ensure the data of our customers and employees is protected, said Stijn Stabel, Head of Architecture and Innovation at Alcopa. Being able to engage with Boxs consulting team, and utilize their compliance expertise, provides another layer of reassurance that we are taking the correct steps.
Box's global data protection offerings also include Box Zones, which provides customers with in-region data storage; Box KeySafe, which allows administrators to have control and visibility over data; and Box Governance, which enables customers to comply with data retention policies, satisfy e-discovery requests, and effectively manage sensitive information. Box is also a leader in compliance standards, enabling customers to maintain adherence to important industry regulations including HIPAA, FINRA, FedRAMP, and PCI DSS, amongst others.
Register for our webinar on February 28th and learn howBox is streamlining your GDPR readiness journey.
To download the data protection addendum visit
To learn more about Box Consulting for data protection download our datasheet.
About Box
Box (NYSE:BOX) is the cloud content management company that empowers enterprises to revolutionize how they work by securely connecting their people, information and applications. Founded in 2005, Box powers 80,000 businesses globally, including AstraZeneca, General Electric, P&G, and The GAP. Box is headquartered in Redwood City, CA, with offices across the United States, Europe and Asia. To learn more about Box, visit

View source version on
BoxKatie Uhlman,
Source: Box

Wait, Before You Leave...