Top of Page
IIJ to Provide Tools to Support GDPR Compliance, and to Launch an Outsourcing Service for Data Protection Officers
March 19, 2018
TOKYO-March 19, 2018-Internet Initiative Japan Inc. (IIJ, NASDAQ: IIJI, TSE1: 3774), one of Japan's leading Internet access and comprehensive network solutions providers, today announced that it will launch its Quick GDPR Compliance Assessment, the IIJ Compliance Platform for GDPR, and other support tools for helping its customers respond to the General Data Protection Regulation (GDPR), which the EU enacted as a framework for personal data protection. The Quick GDPR Compliance Assessment is meant to assess corporations' current ability to comply with GDPR, while the IIJ Compliance Platform for GDPR includes the functions that corporations will need to respond to GDPR on their own. Furthermore, IIJ will provide its IIJ DPO Outsourcing Service so that companies can outsource data protection officers (DPOs (*1)) whom the Data Protection Supervisory Authority requires to be appointed.
The GDPR is an EU regulation that establishes legal requirements that must be satisfied in the processing of personal data within the EU and in the transfer of personal data from within the EU to third countries. The law also makes companies liable for administrative fine up to four percent of their global annual revenues or up to 20 million euros, whichever is higher, when a company is found to be in violation. The law will come into effect on May 25, 2018, but the public is not well-informed about the regulation. Because the compliance requirements cover a lot of ground, many companies that will be subject to the regulation are not completely prepared for the changes it will bring.
As part of its compliance with GDPR, IIJ has leveraged the knowledge it has gained through early steps in responding to data protection regulations, which include its submission of IIJ Group's documented uniform information management tool Binding Corporate Rules (BCR) to the UK's Information Commissioner's Office (ICO) in October 2016 (*2). In July 2017, IIJ launched the IIJ Business Risk Management Portal, which provides GDPR guidelines, explanations of related news, and other relevant information in Japanese. Now, to complete its support for corporations looking to comply with GDPR, IIJ will launch three new services.
By answering 25 questions in five categories related to GDPR compliance, companies can easily assess their own current state of compliance with the new regulation. The results appear in the form of a radar chart, and IIJ's customers can visually grasp the areas in which they are not yet compliant. This will be useful in formulating a compliance plan. This service will be available starting today as an option on the IIJ Business Risk Management Portal. Registered users of the IIJ Business Risk Management Portal may use the Quick GDPR Compliance Assessment for free.
|Membership type (*3)||Registration fees||Simple GDPR Compliance Assessment use fees|
|Free membership||JPY 0 per month||JPY 0(*4)|
|Basic membership||JPY 3,480 per month|
|Advanced membership||JPY 15,000 per month|
This platform provides functions for visualizing companies' own current compliance with GDPR and its compliance progress, while also automatically producing reports to executive management and supervisory authorities. Just by registering their internal systems for handling personal information on the platform, customers will be able to follow guidance and perform easy-to-understand tasks. The platform is provided under the partnership with Digital Control Room Limited (UK) and will be available starting March 26, 2018.
|Preparation||Setup||Users set their DPO's names, organizational structures, data handling policies, and other basic information.|
|System and data flow map||This maps the organization's system and third-party processors.|
|Assessment||Data processing||This is an assessment of data processing compliance.|
|Relations with third-party organizations||This assesses compliance in terms of relations with all third-party organizations.|
|Transfers to third countries||This assesses the gap in protective measures when transferring data to third countries.|
|Security||This assesses data security.|
|Achieve and Maintain||Deviations||This provides follow-up, management, and resolution of compliance deviation.|
|Privacy notices||This establishes and maintains privacy notices.|
|Third-party compliance audits||This assesses third-party compliance and manages applicable audits.|
|Breach notifications||This provides notifications when data breach occurs.|
|Privacy by design||Data privacy impact assessment||This conducts a DPIA (*5) and performs an audit.|
|Reports||This automatically creates reports. (*6)|
|Support||IIJ representatives can help with any unclear matters.|
|Type of IIJ Business Risk Management Portal Membership||Initial Fees||Monthly Fees (by number of systems registered)|
|General customers||JPY 300,000||
|IIJ Business risk management portal Advanced membership||JPY 100,000||
In addition to their knowledge on EU regulation and each EU member state law related to GDPR and privacy protection, DPOs need to have diverse knowledge and abilities regarding how to handle personal data and the related IT systems and data security technologies. Furthermore, because DPOs are granted a high degree of independence and authority in their roles as data protection officers, they are not allowed to concurrently serve as managers in departments involved in handling personal data. As a result, companies find it challenging to appoint well-qualified individuals from within their own ranks. This service leverages the wealth of knowledge of IIJ's expert staff to provide contract DPOs. This service includes up to 10 corporate systems registered on the IIJ Compliance Platform for GDPR, so that user companies can effectively manage operations globally. Registration will begin on March 26, 2018, and the service will be available starting April 9.
|JPY 2 million
|IIJ arranges and determines the operation plan and tasks, including creating a DPO team, arranging an annual plan for the DPO team, and performing weekly and monthly reviews, based on all the documents for GDPR compliance that the client company has prepared so far.|
|Operation||JPY 120,000 per month
IIJ will continue to quickly respond to changes to laws and regulations in all countries, to provide support for its customers' business risk management strategies.
I welcome the launch of the IIJ Compliance Platform for GDPR - a joint initiative driven by the close partnership between IIJ and Digital Control Room (DCR). We are proud to support IIJ's customers with this powerful compliance system, which efficiently integrates DCR's proven technology with IIJ's expert GDPR consultancy services.
Digital Control Room Ltd.
Stephen Hickey, Managing Director
Founded in 1992, IIJ is one of Japan's leading Internet-access and comprehensive network solutions providers. IIJ and its group companies provide total network solutions that mainly cater to high-end corporate customers. IIJ's services include high-quality Internet connectivity services, systems integration, cloud computing services, security services and mobile services. Moreover, IIJ has built one of the largest Internet backbone networks in Japan that is connected to the United States, the United Kingdom and Asia. IIJ was listed on the U.S. NASDAQ Stock Market in 1999 and on the First Section of the Tokyo Stock Exchange in 2006.
The statements within this release contain forward-looking statements about our future plans that involve risk and uncertainty. These statements may differ materially from actual future events or results. Readers are referred to the documents furnished by Internet Initiative Japan Inc. with the SEC, specifically the most recent reports on Forms 20-F and 6-K, which identify important risk factors that could cause actual results to differ from those contained in the forward-looking statements.
IIJ Corporate Communications
End of the page.