Skip to main content
Press Release

Fieldfisher secures gold standard regulatory data protection approval for leading Silicon Valley cloud company Zendesk



United Kingdom

Firm secures second ever Binding Corporate Rules (BCR) approval led through the Irish Data Protection Commissioner (DPC).

European law firm, Fieldfisher has advised leading cloud company Zendesk on its successful application for Binding Court Rules approval. Zendesk, headquartered in San Francisco, provides a customer service help desk ticketing platform designed to help companies create customer relationships that are more meaningful, personal and productive through great support and proactive engagement.  It has 94,000 paid customer accounts globally across a range of industries.

BCRs are regulator-approved binding data protection policies that enable multinational businesses make intra-organisational transfers of personal data across borders in compliance with EU data protection law.  They provide a robust, flexible and scalable solution for EU data exports and avoid the need for more cumbersome legal solutions such as the EU Standard Contractual Clauses

To secure approval, a company must submit its BCR to EU data protection authorities for rigorous review to ensure they meet strict European data protection standards.  The process typically takes 18 months to two years and it is notoriously difficult to secure, reflecting the thoroughness of the review process. For this reason, only the most privacy committed businesses undertake BCRs, and currently fewer than 100 companies have achieved approval worldwide.

Commenting on the approval, data protection partner Phil Lee says: "BCRs are considered the regulatory gold standard for data exports.  For cloud customers it can be very difficult to assess whether any service provider is sufficiently reliable to be entrusted with their sensitive commercial data.  However, if sharing their data with a cloud provider that had achieved BCRs, like Zendesk has, customers can have peace of mind knowing that the provider has undergone strict regulatory scrutiny of their data protection practices against the highest standards.  For that reason, BCRs are as important to privacy as adherence to standards like ISO 27001 and SOC II are to security."

John Geschke, General Counsel and Chief Privacy Officer said: "Zendesk has always been determined to hold itself to strict data protection standards.  We knew that the regulatory approval process would be very thorough and that we would need to find a good law firm partner to support us through the process.  We selected Fieldfisher due to the strength of their data protection practice and their experience on BCR.  We've been very pleased with their support and are delighted to have now successfully achieved approval of our BCR."

This latest BCR approval adds to the long roster of companies that Fieldfisher has helped to achieve BCR, including Motorola Mobility, Align Technology, and Box, among many others.

Sign up to our email digest

Click to subscribe or manage your email preferences.