Top of Page


Links to move inside this page.

  1. HOME
  2. About IIJ
  3. News / CSR
  4. Press Releases
  5. 2017
  6. IIJ Launches the IIJ Business Risk Management Portal to Support Compliance with the EU's New Personal Data Protection Regulation, GDPR

IIJ Launches the IIJ Business Risk Management Portal to Support Compliance with the EU's New Personal Data Protection Regulation, GDPR

The Portal Provides Commentary on Guidelines and the Latest News,and Helps Japanese Companies Doing Business in the EU Become GDPR-Compliant

July 10, 2017

TOKYO-July 10, 2017-Internet Initiative Japan Inc. (IIJ, NASDAQ: IIJI, TSE1: 3774), one of Japan's leading Internet access and comprehensive network solutions providers, today announced the launch of its IIJ Business Risk Management Portal, a service that offers support for compliance with the new General Data Protection Regulation (GDPR), which stipulates a framework for personal data protection in the EU. IIJ's web portal provides Japanese companies doing business in Europe with commentary on GDPR guidelines and related news, information on seminars, and self-assessment tools, among other services.

GDPR is a new EU regulation that stipulates the legal requirements organizations must meet when processing personal data in the EU and when transferring personal data from within the EU region to other countries. This law takes effect on May 25, 2018. Companies that violate the GDPR are liable to fines of up to four percent of their corporate group's global annual revenues, or EUR20 million, whichever is higher.

To avoid the risk of such high fines, companies that handle personal data within the EU must review their frameworks for handling such data. Nevertheless, companies in Japan have not made progress in their awareness of or preparations for GDPR-related information. Their management, legal staff, and IT managers are largely assumed to be uncertain about how to respond to this regulation.

As one step toward compliance with the GDPR, IIJ has submitted its Binding Corporate Rules (BCR)-the documented, unified personal data management rules used across the IIJ Group—to the UK's Information Commissioner's Office (ICO). This submission, dated October 14, 2016, was part of the preparations made for receiving approval for its personal data management policy.(*1) This web portal will provide practical, helpful content by leveraging the knowledge IIJ gained from its efforts to conform to the latest EU legislation and its early initiative to become GDPR compliant, in cooperation with its local European affiliates.

Through the use of this web portal, IIJ's customers will get the latest news on the GDPR and on procedures for implementing compliance projects, allowing them to easily assess their own systems and management structures vis-a-vis the new legal requirements, and to swiftly take measures after identifying problem areas within their organizations. Furthermore, to meet its customers' needs, IIJ will support their business risk management policies by providing comprehensive GDPR compliance support services, from consulting to suggesting and deploying optimal IT solutions.

Overview of the IIJ Business Risk Management Portal

At launch, the portal will provide GDPR-related news and support functions. From 2018, IIJ will flesh out the content so that the site handles all aspects of enterprise business risk policy.

Content Summary

Category Feature Summary Release date
Basic features
(Partially paid)
Getting started with GDPR Provides a simple, step-by-step explanation of the work required to become compliant with GDPR At launch
Guidelines for GDPR compliance Provides the work required and the legal basis for this work, while referencing the original GDPR text and other related documentation on an article-by-article basis. At launch
Commentary on GDPR-related documentation Provides commentary on the guidelines that supplement the original GDPR text, as these guidelines are made available. At launch
News Provides news related to fines levied in the EU (mainly from the UK, France, and Germany). Furthermore, it will regularly release analyses of what violations were exposed and the main reasons for fines being reduced. At launch
Seminar information Informs users of practical guideline seminars, which are held from time to time. At launch
Options Self-assessment Clearly lists to what degree user companies' current personal data-handling tasks adhere to the GDPR and displays recommended measures to take and recommended priority levels for still non-compliant issues. Other functions include a comparison with other companies in the same industry and a comparison with internal PDCA improvements. Scheduled for September 2017
Inquiry response IIJ will respond to inquiries related to GDPR. Scheduled for September 2017
DPO assistant IIJ will assist DPOs acting as agents for work required in the EU, such as acting as liaisons with supervising bodies. Scheduled for February 2018
Assistant for reporting data protection violations within 72 hours When violations occur, IIJ will act as an agent in reporting violations to supervising bodies within 72 hours. Scheduled for March 2018

Contracting Fees

Membership type(*2) Cost Options(*3) Notes
Free membership Free - Users can browse various content for free (restrictions on type of content and number of visits)
Basic membership JPY3,480/month - Intended mainly for lawyers and individuals in the consulting industry
Advanced membership JPY15,000/month
  • Self-assessment
  • Inquiry response
  • DPO assistant
  • Assistant for reporting data protection violations within 72 hours
Each additional account: ¥3,000 per month
  • (*1)See the press release dated October 26, 2016, titled "The IIJ Group has submitted its Binding Corporate Rules to UK Information Commissioner's Office, IIJ Group is now preparing for the new EU regulation on personal data protection": https://www.iij.ad.jp/en/news/pressrelease/2016/1026.html
  • (*2)Free memberships and basic memberships are monthly agreements, while advanced memberships are annual agreements.
  • (*3)Fees are not yet fixed.

IIJ will continue to support the business risk management policies of its customers by providing high value-added services.

About IIJ

Founded in 1992, IIJ is one of Japan's leading Internet-access and comprehensive network solutions providers. IIJ and its group companies provide total network solutions that mainly cater to high-end corporate customers. IIJ's services include high-quality Internet connectivity services, systems integration, cloud computing services, security services and mobile services. Moreover, IIJ has built one of the largest Internet backbone networks in Japan that is connected to the United States, the United Kingdom and Asia. IIJ was listed on the U.S. NASDAQ Stock Market in 1999 and on the First Section of the Tokyo Stock Exchange in 2006.

The statements within this release contain forward-looking statements about our future plans that involve risk and uncertainty. These statements may differ materially from actual future events or results. Readers are referred to the documents furnished by Internet Initiative Japan Inc. with the SEC, specifically the most recent reports on Forms 20-F and 6-K, which identify important risk factors that could cause actual results to differ from those contained in the forward-looking statements.

For inquiries, contact

IIJ Corporate Communications

Get Adobe Acrobat Reader


End of the page.

Top of Page