Zendesk has completed the EU approval process with the Irish DPC (peer reviewed by both the UK Information Commissioner’s Office (ICO) and the Dutch Data Protection Authority (DPA)) for its global Binding Corporate Rules (BCRs) as data processor and controller. This significant regulatory approval validates Zendesk’s implementation of the highest possible standards for protecting personal data globally, covering both the personal data of its customers and its employees.
“We firmly believe in delivering certainty to our customers for the protection of their data. The approval of our BCRs is significant for us and demonstrates our ongoing commitment to protecting the privacy of personal data at Zendesk,” said John Geschke, general counsel and senior vice president of administration at Zendesk. “In addition to our BCRs, Zendesk is a certified signatory to EU-US Privacy Shield and at the request of its customers will enter into the Zendesk Data Processing Agreement, which includes EU model clauses.”
“This provides further confirmation that Zendesk is a global business that values security and data privacy at its core,” said John Crossan, vice president EMEA at Zendesk. “As a result of the Irish DPC’s approval of our BCRs, companies across Europe know when they deal with Zendesk, they are dealing with one of the most secure customer relationship software providers globally with the highest data protection standards available today.”
BCRs are internal company-specific data protection policies enabling a global business the ability to transfer personal data within the company (as a data controller) and to process personal data of its EEA customers on an intra-group basis anywhere in the world (as a data processor).
Approval is based on rigorous criteria set out by the European Data Protection Agencies and the process required a thorough review of Zendesk’s global data privacy compliance policies and procedures as required by the EU DPAs. Zendesk is one of only a few software companies in the world to have received approval for its BCRs; and just the second company ever to receive approval from the Irish DPC. It was supported throughout the BCR regulatory approval process by leading European law firm, Fieldfisher.
BCRs make it possible for multinational companies to standardise their practices relating to the protection of personal data by assuring an identical level of protection and security, benchmarked against rigorous European data protection standards, regardless of where the customer is based in the world. They demonstrate that data protection is integral to the way a company carries out its business and are validation that the company has the highest possible standard for dealing with data. This provides assurance for even the most privacy and security conscious companies around the world when working with Zendesk.
A Forrester report into EU data protection laws highlighted that implementing BCRs demonstrates additional data protection dedication and can ease data transfer concerns for EU decision-makers. A growing number of multinational companies believe that BCRs are an appropriate and practical mechanism for managing transborder flows of personal data.
Zendesk has more than 101,000 paid customer accounts globally across a range of industries. In the EMEA region, the company has over 35,000 paid customer accounts in EMEA growing at over 30 percent year over year to end March 2017 including John Lewis, Trustpilot, Lampiris and e-Boks.
In addition to the approval of its BCRs, Zendesk has achieved its SOC 2 Type II compliance. Zendesk also complies with ISO 27001:2013 and 27018:2014, the standard for protecting Personally Identifiable Information (PII) in the cloud, set forth by the International Standards Organisation. Also, Zendesk, Inc. has been approved to sell its cloud software services on the UK Government Digital Marketplace's 'G-Cloud 9' framework.