Saturday, 18th January 2020

Dealing with data transfers

Equinix is the first company to have its Binding Corporate Rules approved under the new GDPR regime.

Equinix has completed the rigorous process of Binding Corporate Rules (BCRs) approval by European Union (EU) regulators. In doing so, it becomes the first company to have its BCRs approved by the European Data Protection Board (EDPB) consisting of all 27 Member States set up under the new GDPR regime.


BCRs are designed to allow multinational companies to transfer personal data from the European Economic Area (EEA) to their affiliates located outside of the EEA, while adhering to the highest standards, as demanded by EU regulators. Achieving BCRs compliance ensures that the personal data flows that Equinix adopts to operate its global enterprise and support its global customer base are GDPR compliant. To achieve this, Equinix demonstrated its robust security parameters for obtaining, processing and storing personal data used in order to provide services to customers on its global platform.

The process to get the BCRs approved with the Information Commissioner’s Office in the U.K. (ICO) as the lead data protection authority, was conducted against the backdrop of uncertainty around Brexit and complicating factors as to what a possible no deal exit from the EU may mean for the standing of the ICO and the current BCRs application.

The BCRs certification comes as governments around the world consider and implement data privacy regulations modeled after the GDPR, including locations where Equinix does business, such as in California and Brazil. By ensuring data privacy compliance in any market deployed, Equinix’s global footprint enables its customers to conduct business in a way that can gain a competitive business advantage across the world’s digital economy. Indeed, 86% of Equinix customers deploy in multiple markets, with 73% of them operating across multiple regions.

In an independent survey commissioned by Equinix of over 2,450 IT decision-makers across the world, the resulting need for a focus on data regulations was highlighted. 69% of IT decision-makers globally listed complying with data protection regulations as a top priority for their business, while 43% of IT decision-makers globally reported changing regulatory requirements around data privacy are a threat to their company.

·The European Data Protection Board ensures the consistent application of GDPR throughout the European Economic Area and since GDPR took effect, has a role to play in approving Binding Corporate Rules (BCRs) applications.

·Historically, Equinix has used the EU Model Clauses in its inter-company agreements to facilitate such data transfers from the EU, which will continue to be in place, but the BCRs provide the added “gold standard” in providing adequate safeguards to enable intra-group transfers to meet operational requirements and to facilitate the transborder flow of data as necessary today to run a global enterprise.

·Following approval by the EDPB, the ICO as the lead data protection authority for Equinix’s BCRs application, proceeded to formally approve and adopt the BCRs.

·Equinix’s BCRs cover personal data transferred from legal entities of Equinix in the EU worldwide, including employee and business contact information, i.e., customer, partner, supplier and vendor information.

·These BCRs are a critical part of the overall Equinix Global Privacy Policy, that ensures data privacy compliance managed by the Equinix Privacy Office, and in a manner that supports Equinix’s global corporate strategy.

A new online platform designed to significantly reduce the administrative burden of GDPR and aid com...
NordVPN issues seven cybersecurity resolutions for executives and employees to increase security in...
Training remains a critical form of defence against cyber-attacks.
ForgeRock and Accenture collaborate to improve Identity Management and Governance using Artificial I...
bluedog Security Monitoring has launched a new compliance module which enables users to check the st...
Over half of companies surveyed were not able to meet data access and portability requests within th...
New report looks at why these low-volume attacks are so costly, and how to protect your business fro...
Gaps in data sanitization knowledge and policies mean global enterprises are putting their organizat...