The cloud storage company is first launching an electronic self-service addendum that lists all of the approved legal mechanisms for data processing required by the GDPR. Once the Data Processing Addendum (DPA) is signed, Box customers can provide it to third-party auditors to verify that their use of Box meets GDPR's compliance requirements.
Meanwhile, Box Consulting is rolling out a new service aimed at assisting customers in preparing for and understanding evolving compliance requirements from a cloud content management perspective. Through this service, Box customers will be able to partner directly with compliance and GDPR experts on creating a data protection framework.
GDPR requires companies to protect EU citizens' personal information and know where data flows at any time. The GDPR also gives EU citizens the right to erasure (the right to be forgotten), the right to object, and the right to restrict processing of their data.
Although the EU's regulation only applies to Europe, any company that operates there (in other words, every business) will face steep penalties for non-compliance. Penalties include a fine of up to 4 percent of company turnover, and legal ramifications if a company is hacked and attempts to hide what happened from customers.