Yasufumi Hirai, Group EVP, CIO & CISO Rakuten, Inc.

Rakuten last year became the first Japanese company to implement stringent European privacy rules, adopting binding corporate rules to treat personal data anywhere in the world in accordance with European standards. Today, we are preparing to take additional steps forward to comply with Europe’s new General Data Protection Regulation (GDPR).

The GDPR comes into effect in May. It replaces the 1995 EU Data Protection Directive, strengthening the rights of EU citizens and placing new obligations on all organisations that offer goods and services online.

Our binding corporate rules already assure our customers, merchants and employees that their personal information is protected, regardless of where the data resides. We tell our users what information we collect and how we use it in our privacy policies on our various websites. By caring for our customers’ data, we believe our customers will benefit from that assurance when they purchase from our merchant partners.

In advance of GDPR, we’re introducing additional safeguards. As the law requires, we’ve appointed a new data protection officer in Europe. We’ve also launched a review of our services across the board and will continue to work on improving our standards and processes.

Both companies and data protection authorities are moving into uncharted territory with GDPR. “We will have a learning curve,” acknowledges Isabelle Falque-Pierrotin, who heads France’s privacy regulator, the Commission Nationale de l’Informatique et des Libertés. “We will have to adjust.”

Over the coming months, we’ll be working with the relevant regulatory officials to fine-tune our compliance. One thing that you can be assured of: Rakuten takes its data protection responsibilities seriously and is committed to upholding the highest of data protection standards.