At Box, we’re pretty big fans of security and compliance. Now, before you ask why, hear me out.
Over the last decade, companies across every industry have been undergoing a massive transition to the cloud. The world is changing how it works on a near daily basis. Business is moving faster than ever, the rate of creation of data is growing quicker than it was even a year ago, and the security and data privacy challenges are enormous. Businesses today are managing more data than ever before, meaning an effective data protection program needs to be implemented and managed.
By now, you've probably seen the headlines about the General Data Protection Regulation (GDPR) deadline on May 25, 2018. But just in case you aren't familiar –GDPR is the new EU legislation for collecting and processing personal data in the European Union, and is the most significant data protection development in decades. The impact is far reaching -- all companies that work with European personal identifiable information will need to comply with the regulation. At Box we've been preparing for GDPR for a while, and we have invested significant resources toward meeting and maintaining GDPR compliance, and are committed to practicing transparency in how we handle personal data.
Just a Few Clicks Away from GDPR Readiness
The growth of cloud adoption, increase in amount of data, and the exponential growth of compliance and privacy complexity– are why Box is excited to announce a simple solution for global data privacy preparedness ahead of GDPR coming into effect.
We make it easy for our customers to formalize and share the data they use in a controlled and managed environment, which can be used to demonstrate their data is being processed in a way that meets the GDPR obligations. We have recently released a self-serve, easy-to-execute Data Processing Addendum (DPA) which requires only a simple electronic signature from the customers. The DPA is available at no cost for all current Box service agreements, is signed by both Box and the customer, and comprehensively lists all the approved legal mechanisms for data processing.
Box Data Protection Services
As part of its global data protection services, Box Consulting is rolling out a new compliance-focused engagement aimed at assisting customers as they prepare for, understand, and address evolving compliance requirements such as GDPR, PCI DSS, FedRamp, and HIPAA from a cloud content management perspective. The engagement team is comprised of senior members of the Box Compliance team in conjunction with Box Consulting personnel.
For GDPR preparedness specifically, Box will engage with customers to develop a formalized data protection framework leveraging and centering on the Box application. This service includes:
- Assisting customers in developing a strategy for categorizing their data and running the corresponding risk profile analysis
- Assisting customers to develop a data protection framework that is based on the customers own unique data protection risk profile.
- Providing implementation services to assist customers with implementing Box in accordance with their own derived implementation framework.
- Cross-industry perspectives on Compliance/Data Protection Obligations
To learn more on Box Consulting services for data protection, please download our datasheet.