Industry Insights

Syndicated News


Box Leads Charge on GDPR With First-of-its-Kind Data Processing Addendum and New Global Data Protection Consulting Services

Adds Leading Cloud-Based Network and Infrastructure Security Capabilities to Protect Enterprises from Today's Complex Digital Threats

REDWOOD CITY, Calif.--()--Box (NYSE:BOX), a leader in cloud content management, today announced a simple self-serve solution for global data privacy preparedness ahead of the European Union’s (EU) General Data Protection Regulation (GDPR), which takes effect on May 25, 2018, as well as new services from Box Consulting to help enterprises understand and meet key regulations around data protection. Box has pioneered cloud content management and led the industry on several critical compliance standards and regulations over the past several years, including HIPAA (for patient data), GxP (for life sciences regulated content), FedRAMP (for U.S. government data), and now GDPR.

“Business today is more connected and global than ever. Customer expectations have never been higher, and there is immense pressure to move faster, work across the extended enterprise, and deliver new experiences”

Tweet this

“Business today is more connected and global than ever. Customer expectations have never been higher, and there is immense pressure to move faster, work across the extended enterprise, and deliver new experiences,” said Stephanie Carullo, COO of Box. “In the digital workplace, traditional approaches to data protection are obsolete. Businesses need modern cloud platforms that can power the future of work and meet tomorrow’s security, compliance and regulatory needs. Box is laser-focused on this challenge and GDPR is a huge opportunity to extend next-generation data protection to the cloud.”

GDPR Readiness – New Self-Serve Data Processing Addendum

GDPR is the most significant data protection development in years, and was created to give European citizens more control over their personal data – ranging from mailing addresses to IP information. The GDPR covers the personal data for every EU citizen and provides comprehensive rights to data subjects. All companies that work with European employees, customers and partners will need to comply with the regulation – including being able to produce signed verification that any data stored or processed with 3rd parties meets important standards of data protection.

To help its customers meet verification needs, today Box announced a new Data Processing Addendum (DPA). The DPA, which is available for all current Box business customers, is a self-serve and easy-to-execute document that only requires an electronic signature from customers. Once signed, customers can provide the DPA to auditors to show that they use Box in a way that lets them demonstrate their data is being processed in a way that meets their GDPR compliance obligation.

“Box works with tens of thousands of companies around the world to enable collaboration and management of their business critical information. Now, with just a couple of clicks, businesses can quickly verify their use of Box’s GDPR compliant offerings and focus on what’s most important to their business,” said Pete McGoff, Chief Legal Officer of Box. “We’ve invested significant resources toward GDPR compliance and we are committed to practicing transparency in how Box handles personal data. No one has made global data compliance in the cloud easier.”

Box offers the most comprehensive set of EU third-party certifications and is the only company which uses Global Binding Corporate Rules (BCRs) both as a processor and data controller, enabling companies across Europe to deploy a validated cloud environment in accordance with the highest data protection standards available today. In addition to Privacy Shield, Box obtained two German certifications: Cloud Computing Compliance Controls Catalog (C5) certification and TCDP 1.0 (Trusted Cloud-Datenschutzprofil fuer Cloud Anbieter). With Binding Corporate Rules, C5 and the TCDP, Box has been independently reviewed for its privacy and cloud data protection practices and is well-suited to help customers prepare for the GDPR.

Box Consulting: New Global Box Data Protection Services

Box continues to raise the bar for privacy and security in the cloud, driving industry leadership with advanced enterprise capabilities. Box has proactively implemented strong independently verified security and privacy practices to provide customers with transparency. Box also works directly with customers to help them understand what safeguards are needed for data protection in the cloud in order to establish a solid foundation for companies to meet the domestic and international requirements.

As part of its global data protection services, Box Consulting is rolling out a new compliance-focused consulting engagement aimed at assisting customers prepare for, understand and address evolving compliance requirements such as GDPR, PCI DSS, FedRAMP, and HIPAA from a cloud content management perspective. The engagement team comprises Box technology and compliance professionals who work in conjunction with a customers' team in establishing a workable governance framework that leverages the Box application.

The data protection service includes the following:

  • Assisting customers in developing a strategy for categorizing their data and running the corresponding risk profile analysis
  • Assisting customers to develop a data protection framework that is based on the customers own unique data protection risk profile
  • Providing implementation services to assist customers with implementing Box in accordance with their own derived implementation framework
  • Cross-industry perspectives on Compliance/Data Protection Obligations

“With offices in more than 19 countries, and millions of customers it’s critically important that we obtain GDPR compliance to ensure the data of our customers and employees is protected,” said Stijn Stabel, Head of Architecture and Innovation at Alcopa. “Being able to engage with Box’s consulting team, and utilize their compliance expertise, provides another layer of reassurance that we are taking the correct steps.”

Box's global data protection offerings also include Box Zones, which provides customers with in-region data storage; Box KeySafe, which allows administrators to have control and visibility over data; and Box Governance, which enables customers to comply with data retention policies, satisfy e-discovery requests, and effectively manage sensitive information. Box is also a leader in compliance standards, enabling customers to maintain adherence to important industry regulations including HIPAA, FINRA, FedRAMP, and PCI DSS, amongst others.

Register for our webinar on February 28th and learn how Box is streamlining your GDPR readiness journey.

To download the data protection addendum visit

To learn more about Box Consulting for data protection download our datasheet.

About Box
Box (NYSE:BOX) is the cloud content management company that empowers enterprises to revolutionize how they work by securely connecting their people, information and applications. Founded in 2005, Box powers 80,000 businesses globally, including AstraZeneca, General Electric, P&G, and The GAP. Box is headquartered in Redwood City, CA, with offices across the United States, Europe and Asia. To learn more about Box, visit

Katie Uhlman, 650-743-6607

View original content: Here

Are Governments Providing Improved Digital Experiences During a Global Pandemic?