Since 2006, First Data has maintained Privacy Principles, designed to reflect First Data’s continuing commitment to privacy and data protection compliance. The updated Privacy Principles, together with First Data’s internal policies and other key documents, now constitute First Data’s Binding Corporate Rules for Data Privacy and Protection.
First Data’s BCRs were authorized by the United Kingdom’s Information Commissioner’s Office and have been approved by the data protection authorities in 18 European Union member states. The BCRs are designed to enforce a consistent high standard for protecting personal data throughout the organization, and will allow First Data to transfer personal data from the European Economic Area to its affiliates elsewhere in the world—which is prohibited under the European Union Data Protection Directive unless adequate safeguards are in place.
First Data was the eleventh company to be authorized by the Information Commissioner’s Office, making it one of only a handful of companies worldwide that have completed this rigorous process to establish the highest standards of global data privacy practices.