The UK’s Information Commission Office (ICO) has approved an application by First Data to share personal customer data across international borders.
This will allow the payment and transactions technology provider to use and store customer information sourced in one nation or jurisdiction in overseas branches, departments and locations.
To get clearance, the payment technology provider had to submit a Processor Binding Corporate Rules (BCR) application to the government agency. This is used to show that a company is able to keep in line with the EU’s Data Protection Directive, the toughest data security framework in existence.
First Data is among the first companies in the world to meet its strict requirements.
“First Data should be commended for its commitment to the concept of binding corporate rules and for the respect for the privacy of individuals that this demonstrates,” said David Smith, ICO Deputy Commissioner, in a statement. “The ICO welcomes approaches from multi-national organizations that need to share personal information within their own group, but outside Europe and who want to use binding corporate rules to enable that.”
In 2011, the ICO also granted First Data its Controller BCR, allowing the company to transfer employee information across national borders.
Despite the data protection regulation being implemented in 2018, 69% of IT decision makers don’t have the backing of their board to achieve GDPR compliance, according to Calligo.
The majority of the region’s 28 member states report that the situation has worsened over the past year, reports business management consultant Verisk Maplecroft.
Regulators in the UK, the US and Hong Kong instituted proceedings against more than 1,700 individuals last year, or four times the number of cases brought against companies.
The US Commodity Futures Trading Commission approved LedgerX as the first regulated clearing house for derivatives contracts settling in digital currencies.