Fujitsu Enhances Personal Data Protections to Respond to the General Data Protection Regulation

Fujitsu Limited today announced that Fujitsu has applied to the Dutch Data Protection Authority (DPA) to obtain approval for its Binding Corporate Rules for Processors (BCR-P), which are common rules established across the Fujitsu Group related to the handling of personal data that customers have entrusted to Fujitsu for processing. This application is part of the Company's effort to meet the legal requirements for the protection of personal data in Europe laid out in the General Data Protection Regulation (GDPR)⁽¹⁾.

By obtaining this approval, Fujitsu will be able to provide customers with safer and more secure services that comply with the GDPR.

Against the background of the rapid development of ICT around the globe, particularly in AI and IoT, personal data, as one part of big data, is used in a variety of forms, and the boundaries of such utilization continue to expand. The GDPR is planned to go into effect on May 25, 2018, in Europe, making it necessary for all members of corporate groups to protect and handle personal data more strictly.

The Fujitsu Group, from a variety of locations, provides standardized, high-quality services, including the processing of data received from customers, to customers around the world. It operates Global Delivery Centers in eight countries, which undertake such tasks as offering multilingual service desks as well as application development and operations. Moreover, the Fujitsu Group is promoting efforts to strengthen appropriate personal data protections in accordance with international regulations, in order to respond to the diversification of the technology and information in contemporary society.

Under the GDPR, customers who entrust personal data processing to other companies will be obliged to select data processors that meet the requirements of the GDPR, including the ability to process personal data using both appropriate technical and organizational measures. In light of this requirement, customers will be able to safely and securely entrust the processing of personal data to the Fujitsu Group once it has obtained approval from the DPA for its BCR-P.

Going forward, the Fujitsu Group will continue to promote efforts to strengthen its personal data protections.