Clearly, the biggest international storage issue this year is that the European Union's GDPR (General Data Protection Regulation) goes into effect May 25. We don’t yet know the full repercussions, but they will be extensive in scope.
As a result, data management, storage and protection providers high and low are coming out with software and/or services to help their clients deal with the extra headaches that come with any new regulation like this.
Ostensibly, the GDPR and any subsequent regulations that come to the fore--due to the incredible rise in: a) the sheer amount of business data now being created; and b) the number of hackers trying to use it for criminal gain--are all for the better.
“Fundamentally, they will help enterprises get their houses in order,” Box’s Chief Product Officer and Director of Platform Jeetu Patel told eWEEK. “And Box is able to assist in a number of ways.”
Has Been About Staying Ahead of Regulations All Along
Box, the cloud storage and collaboration-tool provider that now has 59 million users and is deployed in 67 percent of the Fortune 500 companies, has been aware of this landmark legislation for several years and is prepared to assist its customers with it.
On Feb. 15, the Redwood City, Calif.-based company, which has consistently prioritized giving customers a cloud content management environment that can be used under any compliance requirements (HIPAA, FedRAMP, GxP, among others), released two solutions to help IT managers prepare for the big day, May 25.
One is software, the other is services. They are:
- Data Processing Addendum (DPA), which helps customers meet verification needs. Box is announcing a free, self-serve addendum that lists all the approved legal mechanisms for data processing required by the GDPR. Once signed, Box customers can then provide the DPA to third-party auditors to verify that their use of Box meets GDPR's compliance requirements.
- Compliance-focused consulting engagement: Box Consulting is rolling out a new service aimed at helping customers prepare for, understand and address evolving compliance requirements from a cloud content management perspective. Through this service, Box customers will be able to partner directly with compliance and GDPR experts on creating a data protection framework, including:
  - Assisting customers in categorizing their data and running the corresponding risk profile analysis.
  - Providing implementation services to assist customers in using Box in compliance with the minimum data protection requirements of the GDPR.
  - Offering cross-industry perspectives on compliance and data protection obligations.
“Customers don’t need to go through the laborious task of working through the legal team, getting the binding corporate rules or model clauses negotiated with a contract. They can just use the DPA that we’ve launched. It’s just a simple process that the customer walks through to get the legal documentation in place to allow that cross-border transfer of data,” Box Vice-President of Compliance Crispen Maung told eWEEK.
Box offers a comprehensive set of EU third-party certifications and claims it is the only company that uses Global Binding Corporate Rules (BCRs) both as a processor and data controller, enabling companies across Europe to deploy a validated cloud environment in accordance with the highest data protection standards available today.
In addition to Privacy Shield, Box obtained two German certifications: Cloud Computing Compliance Controls Catalog (C5) certification and TCDP 1.0 (Trusted Cloud-Datenschutzprofil fuer Cloud Anbieter). With Binding Corporate Rules, C5 and the TCDP, Box has been independently reviewed for its privacy and cloud data protection practices and is well-suited to help customers prepare for the GDPR.
“Box works with tens of thousands of companies around the world to enable collaboration and management of their business information. Now, with just a couple of clicks, businesses can quickly verify their use of Box’s GDPR compliant offerings and focus on what’s most important to their business,” Pete McGoff, Box’s Chief Legal Officer, said.
“We’ve invested significant resources toward GDPR compliance, and we are committed to practicing transparency in how Box handles personal data. No one has made global data compliance in the cloud easier.”
Box Consulting: New Global Box Data Protection Services
Some of these regulatory issues, especially involving large multinational corporations, can’t all be solved by simple clicks of software, so Box has an additional option: new professional services.
As part of its global data protection services, Box Consulting is rolling out a new compliance-focused consulting engagement aimed at assisting customers to prepare for, understand and address evolving compliance requirements such as GDPR, PCI DSS, FedRAMP, and HIPAA from a cloud content management perspective. The engagement team uses Box technology and compliance professionals who work in conjunction with a customer's team in establishing a workable governance framework using the Box application.
The data protection service includes, but is not limited to, the following:
- assisting customers in categorizing their data and running the corresponding risk profile analysis;
- providing consulting services to assist customers in configuring Box to meet their own compliance needs; and
- internalizing cross-industry perspectives on compliance and data protection obligations.
Box's global data protection offerings also include Box Zones, which provides customers with in-region data storage; Box KeySafe, which allows administrators to have control and visibility over data; and Box Governance, which enables customers to comply with data retention policies, satisfy e-discovery requests, and effectively manage sensitive information.