General Data Protection Regulation (GDPR)
In July 2015, BMC became the world's first IT management provider to get its European Data Privacy Binding Corporate Rules (EU BCR) approved by European data protection authorities, both as a Controller and a Processor.
Building on its BCR engagement, BMC has kept data privacy as a priority and has invested considerable time and resources in its preparation for the European General Data Protection Regulation (GDPR). GDPR is therefore an ongoing program, ensuring that BMC is and remain fully compliant.
As part of this program, BMC has reviewed its software products, solutions and services so as to address its processor’s obligations.
BMC also provides assistance to its customers with regard to their obligations under GDPR, such as data subject requests (access, rectification, objection, erasure, etc.), records of processing activities and PIAs in accordance with GDPR.
Finally, BMC has updated its BCR to incorporate GDPR requirements and notified its European Lead Data Protection Authority (CNIL) of the changes. For more information, please see BMC amended EU BCR Policy.
In February 2024, BMC’s UK Binding Corporate Rules (UK BCR) have been approved by the UK Information Commissioner’s Office (ICO), both as a Controller and a Processor. Following Brexit, all holders of EU BCRs wishing to continue to rely on BCRs for their intragroup data transfers under UK law had to apply to the ICO to have their BCRs approved in the UK.