Welcome!

News Feed Item

Box Leads Charge on GDPR With First-of-its-Kind Data Processing Addendum and New Global Data Protection Consulting Services

Box (NYSE:BOX), a leader in cloud content management, today announced a simple self-serve solution for global data privacy preparedness ahead of the European Union’s (EU) General Data Protection Regulation (GDPR), which takes effect on May 25, 2018, as well as new services from Box Consulting to help enterprises understand and meet key regulations around data protection. Box has pioneered cloud content management and led the industry on several critical compliance standards and regulations over the past several years, including HIPAA (for patient data), GxP (for life sciences regulated content), FedRAMP (for U.S. government data), and now GDPR.

“Business today is more connected and global than ever. Customer expectations have never been higher, and there is immense pressure to move faster, work across the extended enterprise, and deliver new experiences,” said Stephanie Carullo, COO of Box. “In the digital workplace landscape, traditional approaches to data protection are obsolete. Businesses need modern cloud platforms that can power the future of work and meet tomorrow’s security, compliance and regulatory needs. Box is laser-focused on this challenge and GDPR is a huge opportunity to extend next-generation data protection to the cloud.”

GDPR Readiness – New Self-Serve Data Processing Addendum

GDPR is the most significant data protection development in years, and was created to give European citizens more control over their personal data – ranging from mailing addresses to IP information. The GDPR covers the personal data for every EU citizen and provides comprehensive rights to data subjects. All companies that work with European employees, customers and partners will need to comply with the regulation – including being able to produce signed verification that any data stored or processed with 3rd parties meets important standards of data protection.

To help its customers meet verification needs, today Box announced a new Data Processing Addendum (DPA). The DPA, which is available for all current Box business customers, is a self-serve and easy-to-execute document that only requires an electronic signature from customers. Once signed, customers can provide the DPA to auditors to show that they use Box in a way that lets them demonstrate their data is being processed in a way that meets their GDPR compliance obligation.

“Box works with tens of thousands of companies around the world to enable collaboration and management of their business critical information. Now, with just a couple of clicks, businesses can quickly verify their use of Box’s GDPR compliant offerings and focus on what’s most important to their business,” said Pete McGoff, Chief Legal Officer of Box. “We’ve invested significant resources toward GDPR compliance and we are committed to practicing transparency in how Box handles personal data. No one has made global data compliance in the cloud easier.”

Box offers the most comprehensive set of EU third-party certifications and is the only company which uses Global Binding Corporate Rules (BCRs) both as a processor and data controller, enabling companies across Europe to deploy a validated cloud environment in accordance with the highest data protection standards available today. In addition to Privacy Shield, Box obtained two German certifications: Cloud Computing Compliance Controls Catalog (C5) certification and TCDP 1.0 (Trusted Cloud-Datenschutzprofil fuer Cloud Anbieter). With Binding Corporate Rules, C5 and the TCDP, Box has been independently reviewed for its privacy and cloud data protection practices and is well-suited to help customers prepare for the GDPR.

Box Consulting: New Global Box Data Protection Services

Box continues to raise the bar for privacy and security in the cloud, driving industry leadership with advanced enterprise capabilities. Box has proactively implemented strong independently verified security and privacy practices to provide customers with transparency. Box also works directly with customers to help them understand what safeguards are needed for data protection in the cloud in order to establish a solid foundation for companies to meet the domestic and international requirements.

As part of its global data protection services, Box Consulting is rolling out a new compliance-focused consulting engagement aimed at assisting customers prepare for, understand and address evolving compliance requirements such as GDPR, PCI DSS, FedRAMP, and HIPAA from a cloud content management perspective. The engagement team comprises Box technology and compliance professionals who work in conjunction with a customers' team in establishing a workable governance framework that leverages the Box application.

The data protection service includes the following:

  • Assisting customers in developing a strategy for categorizing their data and running the corresponding risk profile analysis
  • Assisting customers to develop a data protection framework that is based on the customers own unique data protection risk profile
  • Providing implementation services to assist customers with implementing Box in accordance with their own derived implementation framework
  • Cross-industry perspectives on Compliance/Data Protection Obligations

“With offices in more than 19 countries, and millions of customers it’s critically important that we obtain GDPR compliance to ensure the data of our customers and employees is protected,” said Stijn Stabel, Head of Architecture and Innovation at Alcopa. “Being able to engage with Box’s consulting team, and utilize their compliance expertise, provides another layer of reassurance that we are taking the correct steps.”

Box's global data protection offerings also include Box Zones, which provides customers with in-region data storage; Box KeySafe, which allows administrators to have control and visibility over data; and Box Governance, which enables customers to comply with data retention policies, satisfy e-discovery requests, and effectively manage sensitive information. Box is also a leader in compliance standards, enabling customers to maintain adherence to important industry regulations including HIPAA, FINRA, FedRAMP, and PCI DSS, amongst others.

Register for our webinar on February 28th and learn how Box is streamlining your GDPR readiness journey.

To download the data protection addendum visit http://www.box.com/GDPR/.

To learn more about Box Consulting for data protection download our datasheet.

About Box

Box (NYSE:BOX) is the cloud content management company that empowers enterprises to revolutionize how they work by securely connecting their people, information and applications. Founded in 2005, Box powers 80,000 businesses globally, including AstraZeneca, General Electric, P&G, and The GAP. Box is headquartered in Redwood City, CA, with offices across the United States, Europe and Asia. To learn more about Box, visit http://www.box.com/.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or per...
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by ...
Authorization of web applications developed in the cloud is a fundamental problem for security, yet companies often build solutions from scratch, which is error prone and impedes time to market. This talk shows developers how they can (instead) build on-top of community-owned projects and frameworks for better security.Whether you build software for enterprises, mobile, or internal microservices, security is important. Standards like SAML, OIDC, and SPIFFE help you solve identity and authenticat...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
DXWorldEXPO LLC announced today that Big Data Federation to Exhibit at the 22nd International CloudEXPO, colocated with DevOpsSUMMIT and DXWorldEXPO, November 12-13, 2018 in New York City. Big Data Federation, Inc. develops and applies artificial intelligence to predict financial and economic events that matter. The company uncovers patterns and precise drivers of performance and outcomes with the aid of machine-learning algorithms, big data, and fundamental analysis. Their products are deployed...
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments t...
CloudEXPO New York 2018, colocated with DevOpsSUMMIT and DXWorldEXPO New York 2018 will be held November 12-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI and Machine Learning to one location.
Hackers took three days to identify and exploit a known vulnerability in Equifax’s web applications. I will share new data that reveals why three days (at most) is the new normal for DevSecOps teams to move new business /security requirements from design into production. This session aims to enlighten DevOps teams, security and development professionals by sharing results from the 4th annual State of the Software Supply Chain Report -- a blend of public and proprietary data with expert researc...
DXWorldEXPO LLC announced today that Nutanix has been named "Platinum Sponsor" of CloudEXPO | DevOpsSUMMIT | DXWorldEXPO New York, which will take place November 12-13, 2018 in New York City. Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix Enterprise Cloud Platform blends web-scale engineering and consumer-grade design to natively converge server, storage, virtualization and networking into a resilient, softwar...
So the dumpster is on fire. Again. The site's down. Your boss's face is an ever-deepening purple. And you begin debating whether you should join the #incident channel or call an ambulance to deal with his impending stroke. Yes, we know this is a developer's fault. There's plenty of time for blame later. Postmortems have a macabre name because they were once intended to be Viking-like funerals for someone's job. But we're civilized now. Sort of. So we call them post-incident reviews. Fires are ne...
The digital transformation is real! To adapt, IT professionals need to transform their own skillset to become more multi-dimensional by gaining both depth and breadth of a wide variety of knowledge and competencies. Historically, while IT has been built on a foundation of specialty (or "I" shaped) silos, the DevOps principle of "shifting left" is opening up opportunities for developers, operational staff, security and others to grow their skills portfolio, advance their careers and become "T"-sh...
This session will provide an introduction to Cloud driven quality and transformation and highlight the key features that comprise it. A perspective on the cloud transformation lifecycle, transformation levers, and transformation framework will be shared. At Cognizant, we have developed a transformation strategy to enable the migration of business critical workloads to cloud environments. The strategy encompasses a set of transformation levers across the cloud transformation lifecycle to enhance ...
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app secu...
Mike is managing director in Deloitte Consulting LLP's Cloud practice, responsible for helping clients implement cloud strategy and architecture to drive digital transformation. Beyond his technology experience, Mike brings an insightful understanding of how to address the organizational change, process improvement, and talent management challenges associated with digital transformation. Mike brings more than 30 years of experience in software development and architecture to his role. Most recen...