GDPR: We're here to help

You've seen our recent posts. You've received the emails. Your mom may even be asking about it. "The General Data Protection Regulation (GDPR), the legislation for collecting and processing personal data in the European Union, is coming." And now, the day we have been waiting for - what some call the most significant change in data privacy in 20 years - is now here!

In all honesty, for many companies, working towards complete GDPR readiness will be a process that extends after the exact deadline of May 25. And in navigating this process, we're here to help.

With Binding Corporate Rules, C5 and the TCDP, Box has been independently reviewed for its privacy and cloud data protection practices and is well-suited to support customers as they prepare for the GDPR. To further enhance GDPR readiness, Box also offers Box Zones, now supporting multizones, for local data storage across multiple geographies.

Here are 4 ways that Box can help you in your readiness plan:

1. We take data protection seriously, and our BCRs show it. The GDPR specifically recognizes BCRs as a legal mechanism for the transfer of EU/EEA personal data to the U.S. Box is the only U.S. company that has both the C5 and TCDP, which show we meet Germany's high bar for data protection and security.

2. Our customers can self-serve / easily execute an agreement to comply with GDPR processing requirements. We make it easy for our customers to formalize and share with their stakeholders, including employees, customers and potential auditors. We have put in place an incredibly simple contract for customers that allows them to prove that their use of Box meets the GDPR requirements. Your customers can execute the Data Processing Addendum at

3. Customers can use Box Zones to help with GDPR Readiness. A customer's legal / compliance / security teams will likely advise their internal stakeholders to purchase Box Zones in order demonstrate adequate due diligence, effective risk mitigation and proactive regulatory compliance on local data storage for GDPR readiness. In addition, "security and confidentiality" is an often used but not well-defined phrase in GDPR. Many of our customers define "security and confidentiality" as including in-region storage and Box Zones helps satisfy this definition. Sign up for our webinar to learn about how data residency enhances GDPR readiness.

4. The Box product enables customers to more easily meet their GDPR obligations. While there are many requirements in the GDPR, some require organizations to perform certain tasks on behalf of their users or provide data to end users. Box can help. For example,

  • Box features can assist an organization with the Right to Be Forgotten. With the trash functionality within Box and Retention through Box Governance, an admin can set trash restrictions to empower a user to delete content - either manually or on an automated basis - when it no longer is relevant.
  • For Transparency into Info Use, admins can export usage logs and share with users more details on how their content is being used.

Check out the many product features we have to enable our customers to meet their GDPR obligations with this Get GDPR-ready with Box guide. Additionally, listen to one of our recent webinars on preparing for the GDPR where industry experts will walk you through the steps you can take to make the GDPR work for your company.