Equinix has completed the rigorous process of Binding Corporate Rules (BCRs) approval by European Union (EU) regulators. In doing so, it becomes the first company to have its BCRs approved by the European Data Protection Board (EDPB) consisting of all 27 Member States set up under the new GDPR regime.
BCRs are designed to allow multinational companies to transfer personal data from the European Economic Area (EEA) to their affiliates located outside of the EEA, while adhering to the highest standards, as demanded by EU regulators. Achieving BCRs compliance ensures that the personal data flows that Equinix adopts to operate its global enterprise and support its global customer base are GDPR compliant. To achieve this, Equinix demonstrated its robust security parameters for obtaining, processing and storing personal data used in order to provide services to customers on its global platform.
The process to get the BCRs approved with the Information Commissioner’s Office in the U.K. (ICO) as the lead data protection authority, was conducted against the backdrop of uncertainty around Brexit and complicating factors as to what a possible no deal exit from the EU may mean for the standing of the ICO and the current BCRs application.
The BCRs certification comes as governments around the world consider and implement data privacy regulations modeled after the GDPR, including locations where Equinix does business, such as in California and Brazil. By ensuring data privacy compliance in any market deployed, Equinix’s global footprint enables its customers to conduct business in a way that can gain a competitive business advantage across the world’s digital economy. Indeed, 86% of Equinix customers deploy in multiple markets, with 73% of them operating across multiple regions.
In an independent survey commissioned by Equinix of over 2,450 IT decision-makers across the world, the resulting need for a focus on data regulations was highlighted. 69% of IT decision-makers globally listed complying with data protection regulations as a top priority for their business, while 43% of IT decision-makers globally reported changing regulatory requirements around data privacy are a threat to their company.
·The European Data Protection Board ensures the consistent application of GDPR throughout the European Economic Area and since GDPR took effect, has a role to play in approving Binding Corporate Rules (BCRs) applications.
·Historically, Equinix has used the EU Model Clauses in its inter-company agreements to facilitate such data transfers from the EU, which will continue to be in place, but the BCRs provide the added “gold standard” in providing adequate safeguards to enable intra-group transfers to meet operational requirements and to facilitate the transborder flow of data as necessary today to run a global enterprise.
·Following approval by the EDPB, the ICO as the lead data protection authority for Equinix’s BCRs application, proceeded to formally approve and adopt the BCRs.
·Equinix’s BCRs cover personal data transferred from legal entities of Equinix in the EU worldwide, including employee and business contact information, i.e., customer, partner, supplier and vendor information.