Fujitsu Enhances Personal Data Protections to Respond to the General Data Protection Regulation
Fujitsu Limited announced that Fujitsu has applied to the Dutch Data Protection Authority (DPA) to obtain approval for its Binding Corporate Rules for Processors (BCR-P), which are common rules established across the Fujitsu Group related to the handling of personal data that customers have entrusted to Fujitsu for processing. This application is part of the Company’s effort to meet the legal requirements for the protection of personal data in Europe laid out in the General Data Protection Regulation (GDPR)(1).
By obtaining this approval, Fujitsu will be able to provide customers with safer and more secure services that comply with the GDPR.
Against the background of the rapid development of ICT around the globe, particularly in AI and IoT, personal data, as one part of big data, is used in a variety of forms, and the boundaries of such utilization continue to expand. The GDPR is planned to go into effect on May 25, 2018, in Europe, making it necessary for all members of corporate groups to protect and handle personal data more strictly.
The Fujitsu Group, from a variety of locations, provides standardized, high-quality services, including the processing of data received from customers, to customers around the world. It operates Global Delivery Centers in eight countries, which undertake such tasks as offering multilingual service desks as well as application development and operations. Moreover, the Fujitsu Group is promoting efforts to strengthen appropriate personal data protections in accordance with international regulations, in order to respond to the diversification of the technology and information in contemporary society.
Under the GDPR, customers who entrust personal data processing to other companies will be obliged to select data processors that meet the requirements of the GDPR, including the ability to process personal data using both appropriate technical and organizational measures. In light of this requirement, customers will be able to safely and securely entrust the processing of personal data to the Fujitsu Group once it has obtained approval from the DPA for its BCR-P.
Going forward, the Fujitsu Group will continue to promote efforts to strengthen its personal data protections.
A European regulation obligating companies, organizations, and other bodies to protect personal data, controlling the movement of personal data outside the European Economic Area, and requiring the reporting of data leaks within 72 hours, among other requirements. Companies, organizations, or other bodies found to be in violation may be subject to administrative fines of up to 4% of the annual revenue of the entire corporate group, or 20 million euros, whichever is greater.
About Fujitsu Ltd
Fujitsu is the leading Japanese information and communication technology (ICT) company, offering a full range of technology products, solutions, and services. Approximately 155,000 Fujitsu people support customers in more than 100 countries. We use our experience and the power of ICT to shape the future of society with our customers. Fujitsu Limited (TSE: 6702) reported consolidated revenues of 4.5 trillion yen (US$40 billion) for the fiscal year ended March 31, 2017. For more information, please see http://www.fujitsu.com.