What is GDPR?
The EU General Data Protection Regulation, better known as GDPR, is one of the most comprehensive privacy and security laws in the world, effective as of May 25, 2018. This regulation was implemented by the EU to harmonize data privacy laws across Europe, protect and empower all EU citizens’ data privacy, give people more control over their personal data, and reshape the way organizations approach data privacy.
At Bynder, we have worked hard to become GDPR compliant, as this new regulation affects us too. Given the importance of GDPR for our customers, partners, and other relevant stakeholders, this page aims to promote transparency, understanding, and ongoing updates on how Bynder is approaching GDPR compliance, now and in the future.
Who does GDPR apply to?
GDPR applies to any entity or company that processes personal data as part of business activities within the EU. The regulation also applies when an organization is not established in the EU but still offers products/services to, and/or monitors the behavior of, individuals within the EU. [1]
How does GDPR affect data transferred outside of the EU?
GDPR allows personal data to be processed outside of the EU when specific arrangements are made to ensure an adequate level of data protection. Bynder has data processing agreements in place with its relevant processors and controllers (including Standard Contractual Clauses for data transfers between EU and non-EU countries) to help safeguard personal data that is transferred to third countries which do not ensure the appropriate level of data protection.
Rules that companies/entities must adhere to
Personal data must be processed in a lawful and transparent manner; there must be specific purposes for processing the data and those purposes must be indicated to individuals when collecting their personal data; only the personal data that is necessary to fulfil a purpose can be collected; personal data cannot be stored longer than necessary for the purposes for which it was collected; and organizations must install appropriate technical and organizational safeguards that ensure the security of the personal data. [2]
How does Bynder comply with the GDPR?
Whether we are offering our digital asset management solution to customers, contracting with suppliers, or hiring new people, Bynder collects, uses, processes, transfers, and stores personal data.
Bynder identifies all the personal data that is being processed and defines the purpose of this processing in order to determine how the collected data is used and to provide appropriate visibility and transparency.
Bynder has been developing systems and procedures to implement GDPR principles into our system, data, and business practices.
Additionally, because data privacy also requires strict data security, Bynder has implemented processes and procedures to ensure the necessary security levels, i.e. encryption and anonymization of personal data, the creation of processes for data breach notification activities, and the advancement of employee awareness.
[1] European Commission. "Who does the data protection law apply to?" Accessed on 10 January 2020.
[2] European Commission. "What data can we process and under which conditions?" Accessed on 10 January 2020.
Please note that this page simply provides background information to help you understand how Bynder addresses some legal points regarding GDPR, and is not legal advice.