Box intros new services to help customers prepare for GDPR requirements

GDPR requires companies to protect EU citizens' personal information and know where data flows at any time.
Written by Natalie Gagliordi, Contributor
(Image: iStock)

Box is rolling out new services that aim to help its customers comply with the European Union's General Data Protection Regulation (GDPR) requirements that go into effect in May.

The cloud storage company is first launching an electronic self-service addendum that lists all of the approved legal mechanisms for data processing required by the GDPR. Once signed, Box customers can then provide the Data Processing Addendum (DPA) to third-party auditors to verify that their use of Box meets GDPR's compliance requirements.

Meanwhile, Box Consulting is rolling out a new service aimed at assisting customers in preparing for and understanding evolving compliance requirements from a cloud content management perspective. Through this service, Box customers will be able to partner directly with compliance and GDPR experts on creating a data protection framework.

GDPR requires companies to protect EU citizens' personal information and know where data flows at any time. The GDPR also gives EU citizens the right to erasure (the right to be forgotten), the right to object, and the right to restrict processing of their data.

Although the EU's regulation only apples to Europe, any company that operates there (in other words, every business) will face steep penalties for non-compliance. Penalties include a fine of up to 4 percent of company turnover, and legal ramifications if a company is hacked and attempts to hide what happened from customers.

Read also: GDPR: These are the organisations which are least prepared

Box claims that it's the only company using Global Binding Corporate Rules (BCRs) both as a processor and data controller, which it said enables companies across Europe to deploy a validated cloud environment in accordance with data protection standards.

The company said its global data protection offerings also include: Box Zones, which provides customers with in-region data storage; Box KeySafe, which allows administrators to have control and visibility over data; and Box Governance, which enables customers to comply with data retention policies satisfy e-discovery requests.


What is GDPR? Everything you need to know about the new general data protection regulations

General Data Protection Regulation, or GDPR, is coming. Here's what it means, how it'll impact individuals and businesses.

Five things you need to know about GDPR

Video: What new data rules mean for you and your business.

Editorial standards