This approval follows a 2011 decision from the ICO granting First Data its Controller BCR, which specifically applies to the transfer of employee data across countries. First Data is now the first payments technology company to be approved for both BCRs, underscoring the strength of the company’s data privacy protection framework. 

Approval by the ICO reinforces that First Data’s data privacy principles are aligned with the European Union’s (EU) Data Protection Directive, which is recognized as the most rigorous data privacy framework in the world. BCRs are considered the platinum standard for compliance with the EU directive. 

“We are committed to setting the industry standard for superior data privacy protection,” said Cindy Armine-Klein, Chief Control Officer at First Data. “By conforming to the strict data privacy standards set forth by the EU, we can offer our clients the peace of mind that comes with knowing they have a trusted partner managing their data.” 

“First Data should be commended for its commitment to the concept of binding corporate rules and for the respect for the privacy of individuals that this demonstrates,” said David Smith, ICO Deputy Commissioner. “The ICO welcomes approaches from multi-national organizations that need to share personal information within their own group, but outside Europe and who want to use binding corporate rules to enable that.” 

As one of the first companies in the world to receive a Processor BCR, First Data can now operate under a common set of principles and processes to meet global data privacy standards.