Top of Page

Links to move inside this page.

  1. HOME
  2. About IIJ
  3. News / CSR
  4. Press Releases
  5. 2016
  6. The IIJ Group has submitted its Binding Corporate Rules to UK Information Commissioner's Office

The IIJ Group has submitted its Binding Corporate Rules to UK Information Commissioner's Office

IIJ Group is now preparing for the new EU regulation on personal data protection

October 26, 2016
Internet Initiative Japan Inc.
IIJ Europe Limited

TOKYO-October 26, 2016-IIJ Europe Limited, a fully-owned subsidiary of Internet Initiative Japan Inc. (IIJ, NASDAQ: IIJI, TSE1: 3774), one of Japan's leading Internet access and comprehensive network solutions providers, today announced that it has submitted the IIJ Group's Binding Corporate Rules (BCR), the documented, internal rules which define the global policy with regard to personal data protection within the IIJ Group, to the UK's Information Commissioner's Office (ICO) on October 14, 2016. These BCR confirm that the Group complies with applicable and prospective EU data protection rules, including the new General Data Protection Regulation (GDPR).

The IIJ Group, with the assistance of lawyers with the Brussels office of WilmerHale (Wilmer Cutler Pickering Hale and Dorr LLP), has submitted its BCR, and aims to obtain approval by the ICO in the fall of 2017, as the first Japanese cloud provider to do so. The IIJ Group will be able to make use of the approved BCR for international transfers of personal data taking place among IIJ Group companies.


A new rulebook on data protection, the GDPR, will take effect in the EU as of May 25, 2018. Given the rapid development in communication technologies and globalization, the GDPR compels businesses and organizations including public agencies to enact clearer and stronger data protection safeguards, building on the rules already enacted pursuant to the Data Protection Directive adopted in EU member countries in 1995. The GDPR provides for mandatory rules applying to the processing of EU personal data as well as to the export of such data from within the EU to third countries. It also makes undertakings that are found to be in violation of these regulations subject to fines of up to 20 million EUR or 4% of that undertaking’s annual worldwide turnover whichever is higher.

As a means to introduce appropriate safeguards to ensure that data transfers comply with the EU Data Protection Directive and the GDPR, corporations may establish Binding Corporate Rules (BCR)-documented methods for implementing data protection safeguards-that can be submitted for the approval of competent data protection authorities (DPA) within EU member countries. Since these BCR apply to all IIJ Group companies, the approval will mean that the IIJ Group will be recognized by the DPA as achieving a level of personal data protection that satisfies the regulations in the EU.

Benefits to Customers

All Japanese companies and organizations doing business in or with Europe will need to comply with the EU's GDPR. When relying on third party data processors, they must ensure that these processors will comply with all applicable EU data protection rules. The customers who designate IIJ Group as a processor bound by approved BCR and use its cloud and email services will be able to process personal EU data and transfer such data to countries outside the EU with fewer burdens.

IIJ Group will continue to support the IT environments of customers doing business in Europe by using its technological expertise to deliver high-quality services and high value-added systems integration.

About IIJ Europe

IIJ Europe, based in London and Dusseldorf was formerly Exlayer established in 2001 and is now a wholly owned subsidiary of IIJ. IIJ Europe utilises and embraces the latest internet technologies to design, deliver and manage highly qualified and experienced IT solutions. The company also offers IIJ GIO EU Service, its flagship cloud computing service to European enterprises.

About IIJ

Founded in 1992, IIJ is one of Japan's leading Internet-access and comprehensive network solutions providers. IIJ and its group companies provide total network solutions that mainly cater to high-end corporate customers. IIJ's services include high-quality Internet connectivity services, systems integration, cloud computing services, security services and mobile services. Moreover, IIJ has built one of the largest Internet backbone networks in Japan that is connected to the United States, the United Kingdom and Asia. IIJ was listed on the U.S. NASDAQ Stock Market in 1999 and on the First Section of the Tokyo Stock Exchange in 2006.

The statements within this release contain forward-looking statements about our future plans that involve risk and uncertainty. These statements may differ materially from actual future events or results. Readers are referred to the documents furnished by Internet Initiative Japan Inc. with the SEC, specifically the most recent reports on Forms 20-F and 6-K, which identify important risk factors that could cause actual results to differ from those contained in the forward-looking statements.

For inquiries, contact

IIJ Corporate Communications

Get Adobe Acrobat Reader

End of the page.

Top of Page