Top of Page
IIJ Group received approval for its Binding Corporate Rules (BCRs), documented rules on personal data protections, from the Data Protection Authority (DPA) for the German state North Rhine-Westphalia(LDI-NRW) on August 5, 2021. This approval was grounded in the previous unanimous official approval from the EU member states(*).
The BCRs establish a policy for protecting personal data obtained in the European Economic Area (EEA) per the EU's personal data protection law, the General Data Protection Regulation (GDPR). The BCRs also stipulate rules for sharing this personal data with IIJ Group companies outside the EEA.
With the BCR approval, the IIJ Group has proven that it has the same level of privacy protection as companies in the EU (with legally adequate safeguards). This not only allows IIJ to legally handle EU personal data outside the EEA, but also allows customers of IIJ GIO and other cloud services to enjoy the benefits of being secured under the umbrella of IIJ's safeguards in various situations in which GDPR applies.
IIJ Group is also the world's first cloud service provider approved by LDI-NRW in accordance with the affirmative Opinions from European Data Protection Board(EDPB) for appropriate safeguards under the EU GDPR, which is currently more strictly enforced than Japan's Personal Information Protection Act. It means that IIJ Group can handle Japanese personal and confidential data safely and securely as well, regardless of whether it contains EU personal data.
For more information on the importance of obtaining BCR approval and the benefits for customers, refer to the press release below.
(*) Unanimous Official Approval from the EU Member States
End of the page.