Top of Page

Links to move inside this page.

  1. HOME
  2. About IIJ
  3. News / CSR
  4. Press Releases
  5. 2018
  6. IIJ Launches Four New Services for GDPR, the EU's Regulation Protecting Personal Information

IIJ Launches Four New Services for GDPR, the EU's Regulation Protecting Personal Information

Including the EU representatives, Incident response support, secondary review, and cookie audit services

November 12, 2018

TOKYO-November 12, 2018-Internet Initiative Japan Inc. (IIJ, NASDAQ: IIJI, TSE1: 3774), one of Japan's leading Internet access and comprehensive network solutions providers, today announced greater support for companies responding to the General Data Protection Regulation (the EU's regulation stipulating a framework for protecting personal information). IIJ is launching new services called the IIJ EU Representative Service, IIJ GDPR Emergency Response Support Service, IIJ GDPR Compliance Second Opinion Service, and DCR Cookie Audit Service.

The GDPR stipulates legal requirements, under EU law, that must be met when processing the personal data of individuals in the EU. GDPR violations may lead to penalties of up to 20 million euros or up to 4% of the violating company's global revenue, whichever is higher. Although this regulation was enacted on May 25, 2018, responses from Japanese companies have been significantly delayed. The promotion of further countermeasures in both emergency and non-emergency cases is needed, because there are examples in Japan of cases that may lead to GDPR violations. With that background, IIJ is launching four new services to support the responses of Japanese companies to the GDPR.

IIJ EU Representative Service

When companies without any establishments in the European Economic Area (EEA) handle the personal data who is in EU, those companies are obligated to appoint a representative to act as a contact for communications with supervisory authorities and data subjects in the EEA. IIJ offers the IIJ EU Representative Service, which provides representative services in the EU experienced in liaising with regulatory authorities. Through this service, a Japanese-speaking consultants will intermediate for clients and provide advice and support for inquiries from supervisory authorities and data subjects.
At the launch stage, the representative service will support four languages: English, French, German, and Spanish, covering nine countries: Austria, Belgium, France, Germany, Ireland, Luxembourg, the Netherlands, Spain, and the UK. IIJ plans to add support for more countries on customer request.
Furthermore, the service offers an optional widget (a module for web sites) that provides translations of data-subject inquiries in the 24 official EU languages.


  • Initial fee: JPY300,000
  • Optional fee for widget building, supports the 24 official EU languages: JPY500,000
  • Annual fees:
Menu Bronze Silver Gold Platinum
No. of data subjects - 100 101 - 1,000 1,001 - 10,000 10,001 -
Basic fee JPY96,000 JPY240,000 JPY480,000 Quoted per case
Sensitive data option JPY96,000 JPY240,000 JPY480,000 Quoted per case
  • (*)Prices shown do not include tax.

IIJ GDPR Emergency Response Support Service

When there is an infringement, or possible infringement, of an individual's data in the EEA, this service provides emergency support, which includes formulating an ex post facto response, constructing a response framework, and drafting reports to supervisory authorities and data subjects.


Quotes offered in line with the type of individual data infringement, the content of the case, its scale, and its impact.

Please note that, because emergency responses to GDPR violations require appropriate actions and extended work hours, clients should expect significant fees. IIJ has alliances with several insurance companies that offer coverage, through cyber and other insurance provided by non-life insurance companies, for the costs related to emergency and non-emergency GDPR responses.

IIJ GDPR Compliance Second Opinion Service

This service provides a review of GDPR compliance documents authored by customers or other companies in order to find possible omissions in these documents and response measures. If the content has any omissions, or if additional documents or material need to be prepared, this service will suggest improvements and specific approaches as needed. Support is also available for carrying out specific approaches.


  • Phase 1 simple diagnosis
  • Phase 2 support for strengthening your GDPR framework
  • Phase 3 implementation of improvement measures
All Quoted per case

DCR Cookie Audit Service

There are plans to enact an "ePrivacy Regulation" (as a new privacy law in the EU following GDPR) aimed at safeguarding personal information in the realm of digital communications. If this proposed regulation is implemented, the express consent of users will be mandatory when collecting data through website cookies, except for necessary cookies whose acquisition is permitted.
The DCR Cookie Audit Service uses the cookie consent management service of Digital Control Room Limited (a UK company). The easy set-up requires only embedding JavaScript in your website, after which, your company can disclose your cookie policy and obtain user consent.
As the primary general agent in Japan, IIJ will sell this service through channel partners.


Open pricing (reference price: JPY14,400–/year/up to 500 pages)

Additionally, IIJ has begun providing advice on the China Internet Security Law (which took effect in June 2017) as part of the already offered Business Risk Advisory Services. Furthermore, IIJ also plans to add a support service to address the California Consumer Privacy Act, planned to go into effect in the State of California (USA) in 2020.

IIJ will move swiftly to respond to future regulations in each country and will support our customers' risk management efforts.

About IIJ

Founded in 1992, IIJ is one of Japan's leading Internet-access and comprehensive network solutions providers. IIJ and its group companies provide total network solutions that mainly cater to high-end corporate customers. IIJ's services include high-quality Internet connectivity services, systems integration, cloud computing services, security services and mobile services. Moreover, IIJ has built one of the largest Internet backbone networks in Japan that is connected to the United States, the United Kingdom and Asia. IIJ was listed on the U.S. NASDAQ Stock Market in 1999 and on the First Section of the Tokyo Stock Exchange in 2006.

The statements within this release contain forward-looking statements about our future plans that involve risk and uncertainty. These statements may differ materially from actual future events or results. Readers are referred to the documents furnished by Internet Initiative Japan Inc. with the SEC, specifically the most recent reports on Forms 20-F and 6-K, which identify important risk factors that could cause actual results to differ from those contained in the forward-looking statements.

For inquiries, contact

IIJ Corporate Communications

  • (*) All company names and service names used in this press release are the trademarks or registered trademarks of their respective owners.

Get Adobe Acrobat Reader

End of the page.

Top of Page