European law firm Fieldfisher has secured controller and processor Binding Corporate Rules (BCR) approval for Box, a leading enterprise content platform headquartered in California, with offices around the world.
BCRs provide a global data protection policy framework for multinational corporations, allowing them to make intra-organisational transfers of personal data across borders in compliance with European Union law. Companies that achieve BCR authorisation must commit to strict, binding standards about how they will process and protect personal data, and must implement these standards through comprehensive training and audit programs. BCRs are widely recognised in the European Union as a gold standard for compliance.
Phil Lee, Partner in Fieldfisher's Privacy, Security and Information team, said: "BCRs are a really important 'stamp of approval' from the European regulatory authorities. Customers of BCR-approved businesses such as Box.com – can use their services in full confidence that their data will remain protected to a very high standard, and in accordance with EU data protection laws regardless of where it's being processed."
Olivier Proust, Of Counsel in Fieldfisher in the firm's Brussels office, who also supported Box on its BCR application, added: "Throughout our time working with Box, their understanding of just how paramount the protection of customer data is has been clear - and that's made working with them on this project an absolute pleasure."
Founded in 2005, Box helps more than 66,000 businesses around the world, including General Electric, P&G and AstraZeneca securely access and manage their critical information in the cloud. Box is headquartered in Redwood City, California, with offices across the United States, Europe and Asia.
Joel Benavides, Senior Director Global Legal & Advocacy at Box said: "We are committed to ensuring our customers' data is protected to the highest possible standard and we are thrilled to secure BCR approval as both a controller and processor. We recognise the importance of having BCRs as we continue to expand across Europe and Fieldfisher's advice and guidance was critical to making the process as smooth as possible."
Fieldfisher is recognised as a leading adviser to clients from across the technology industry, advising across all legal disciplines while also offering bespoke expertise built on years of experience. The firm's Privacy, Security & Information Group is market leading and advises clients from across the public and private sectors, offering international coverage and advice on business-critical privacy and data protection projects.