The UK’s Information Commission Office (ICO) has approved an application by First Data to share personal customer data across international borders.
This will allow the payment and transactions technology provider to use and store customer information sourced in one nation or jurisdiction in overseas branches, departments and locations.
To get clearance, the payment technology provider had to submit a Processor Binding Corporate Rules (BCR) application to the government agency. This is used to show that a company is able to keep in line with the EU’s Data Protection Directive, the toughest data security framework in existence.
First Data is among the first companies in the world to meet its strict requirements.
“First Data should be commended for its commitment to the concept of binding corporate rules and for the respect for the privacy of individuals that this demonstrates,” said David Smith, ICO Deputy Commissioner, in a statement. “The ICO welcomes approaches from multi-national organizations that need to share personal information within their own group, but outside Europe and who want to use binding corporate rules to enable that.”
In 2011, the ICO also granted First Data its Controller BCR, allowing the company to transfer employee information across national borders.