Mercator’s recent research report “EU Data Protection and Privacy: Conflicts Simmer and Risks Grow” outlined many of the challenges facing American firms, both financial and non-financial, in complying with data privacy requirements of member countries of the European Union. In that report, we observed that only 15 firms worldwide had succeeded in meeting the regulatory standards associated with “Binding Corporate Rules” for global data privacy protection and security. At the time, the only U.S. bank on that list was JPMorganChase.
First Data has announced today that they have become the first payment processor to achieve EU approval for their global privacy practices. According to their press release:
“The European Union’s Data Protection Directive is recognized worldwide for establishing rigorous data privacy protections. Binding corporate rules … are considered the platinum standard for compliance with the European Union Data Protection Directive. First Data’s binding corporate rules are designed to enforce a consistent high standard for protecting personal data throughout the organization, and will allow First Data to transfer personal data from the European Economic Area to its affiliates elsewhere in the world—which is prohibited under the European Union Data Protection Directive unless adequate safeguards are in place.”
This is no small feat. First Data should be applauded for taking this bold step, and for succeeding in joining an exceptionally small global club.