Skip to main content

For media, analyst, and speaking inquiries, please contact us.

press@zendesk.com

Zendesk Adheres to Highest Standards of Data Protection With European BCR Approval

June 6, 2017

Becomes just the second company ever to receive Binding Corporate Rules (BCR) approval through Irish Data Protection Commissioner (DPC)

London — 6 June 2017 — Zendesk, Inc. (NYSE: ZEN) a leading provider of software for better customer relationships, today announced that it has completed the EU approval process with the Irish DPC (peer reviewed by both the UK Information Commissioner’s Office (ICO) and the Dutch Data Protection Authority (DPA)) for its global Binding Corporate Rules (BCRs) as data processor and controller. This significant regulatory approval validates Zendesk’s implementation of the highest possible standards for protecting personal data globally, covering both the personal data of its customers and its employees.

“We firmly believe in delivering certainty to our customers for the protection of their data. The approval of our BCRs is significant for us and demonstrates our ongoing commitment to protecting the privacy of personal data at Zendesk,” said John Geschke, general counsel and senior vice president of administration at Zendesk. “In addition to our BCRs, Zendesk is a certified signatory to EU-US Privacy Shield and at the request of its customers will enter into the Zendesk Data Processing Agreement, which includes EU model clauses.”

“This provides further confirmation that Zendesk is a global business that values security and data privacy at its core,” said John Crossan, vice president EMEA at Zendesk. “As a result of the Irish DPC’s approval of our BCRs, companies across Europe know when they deal with Zendesk, they are dealing with one of the most secure customer relationship software providers globally with the highest data protection standards available today.”

BCRs are internal company-specific data protection policies enabling a global business the ability to transfer personal data within the company (as a data controller) and to process personal data of its EEA customers on an intra-group basis anywhere in the world (as a data processor).

Approval is based on rigorous criteria set out by the European Data Protection Agencies and the process required a thorough review of Zendesk’s global data privacy compliance policies and procedures as required by the EU DPAs. Zendesk is one of only a few software companies in the world to have received approval for its BCRs; and just the second company ever to receive approval from the Irish DPC. It was supported throughout the BCR regulatory approval process by leading European law firm, Fieldfisher.

BCRs make it possible for multinational companies to standardise their practices relating to the protection of personal data by assuring an identical level of protection and security, benchmarked against rigorous European data protection standards, regardless of where the customer is based in the world. They demonstrate that data protection is integral to the way a company carries out its business and are validation that the company has the highest possible standard for dealing with data. This provides assurance for even the most privacy and security conscious companies around the world when working with Zendesk.

A Forrester report into EU data protection laws highlighted that implementing BCRs demonstrates additional data protection dedication and can ease data transfer concerns for EU decision-makers. A growing number of multinational companies believe that BCRs are an appropriate and practical mechanism for managing transborder flows of personal data.

Zendesk has more than 101,000 paid customer accounts globally across a range of industries. In the EMEA region, the company has over 35,000 paid customer accounts in EMEA growing at over 30 percent year over year to end March 2017 including John Lewis, Trustpilot, Lampiris and e-Boks.

In addition to the approval of its BCRs, Zendesk has achieved its SOC 2 Type II compliance. Zendesk also complies with ISO 27001:2013 and 27018:2014, the standard for protecting Personally Identifiable Information (PII) in the cloud, set forth by the International Standards Organisation. Also, Zendesk, Inc. has been approved to sell its cloud software services on the UK Government Digital Marketplace’s ‘G-Cloud 9’ framework.

About Zendesk

Zendesk builds software for better customer relationships. It empowers organizations to improve customer engagement and better understand their customers. More than 101,000 paid customer accounts in over 160 countries and territories use Zendesk products. Based in San Francisco, Zendesk has operations in the United States, Europe, Asia, Australia, and South America. Learn more at www.zendesk.com.

Return to newsroom

Disclaimer

The press releases contained in this archive section are provided for historical purposes only. The information contained in each press release is accurate only as of the date each press release was originally issued. Zendesk, Inc. disavows any obligation to update the information contained in such press releases after the date of their issuance.