Box (NYSE:BOX), a leader in cloud content management, announced a simple self-serve solution for global data privacy preparedness ahead of the European Union’s (EU) General Data Protection Regulation (GDPR), which takes effect on May 25, 2018, as well as new services from Box Consulting to help enterprises understand and meet key regulations around data protection.

Box has pioneered cloud content management and led the industry on several critical compliance standards and regulations over the past several years, including HIPAA (for patient data), GxP (for life sciences regulated content), FedRAMP (for U.S. government data), and now GDPR.

GDPR Readiness – New Self-Serve Data Processing Addendum

GDPR is the most significant data protection development in years, and was created to give European citizens more control over their personal data – ranging from mailing addresses to IP information. The GDPR covers the personal data for every EU citizen and provides comprehensive rights to data subjects. All companies that work with European employees, customers and partners will need to comply with the regulation – including being able to produce signed verification that any data stored or processed with 3rd parties meets important standards of data protection.

To help its customers meet verification needs, today Box announced a new Data Processing Addendum (DPA). The DPA, which is available for all current Box business customers, is a self-serve and easy-to-execute document that only requires an electronic signature from customers. Once signed, customers can provide the DPA to auditors to show that they use Box in a way that lets them demonstrate their data is being processed in a way that meets their GDPR compliance obligation.

Box offers the most comprehensive set of EU third-party certifications and is the only company which uses Global Binding Corporate Rules (BCRs) both as a processor and data controller, enabling companies across Europe to deploy a validated cloud environment in accordance with the highest data protection standards available today. In addition to Privacy Shield, Box obtained two German certifications: Cloud Computing Compliance Controls Catalog (C5) certification and TCDP 1.0 (Trusted Cloud-Datenschutzprofil fuer Cloud Anbieter). With Binding Corporate Rules, C5 and the TCDP, Box has been independently reviewed for its privacy and cloud data protection practices and is well-suited to help customers prepare for the GDPR.

About Box

Box (NYSE:BOX) is the cloud content management company that empowers enterprises to revolutionize how they work by securely connecting their people, information and applications. Founded in 2005, Box powers 80,000 businesses globally, including AstraZeneca, General Electric, P&G, and The GAP. Box is headquartered in Redwood City, CA, with offices across the United States, Europe and Asia. To learn more about Box, visit

To read the full release click on the link below.