On May 25th, the much debated EU General Data Protection Regulation, better known as GDPR, came into effect. This regulation was designed by the EU to harmonize data privacy laws across Europe, to protect and empower all EU citizen’s data privacy and to reshape the way organizations approach data privacy.
At Bynder, we have worked hard to get our company GDPR compliant, as this new regulation affects us too. Since it is important for our partners, customers, and many others to have a greater understanding of how this process has and will evolve, Bynder created this page to share updates regarding our way to getting GDPR compliant.
Whether we are offering our digital asset management system to customers, contracting with suppliers or hiring new people: Bynder collects, uses, processes, transfers, stores, and shares personal data.
Bynder identifies all the personal data that is being processed and defines the purpose of this processing, in order to determine how the collected data is used and provide the necessary visibility and transparency. This includes assessing third parties Bynder is cooperating with, which process personal data as well.
The GDPR offers individuals (data subjects) the right to access, which allows them to see a copy of the information we have and which could lead to a request to delete, export or change this information. Bynder, therefore, has been developing systems and procedures to export or delete data in the most efficient way possible. We additionally have enhanced our product by providing access points and creating provisions in our legal documentation to point out rights of data subjects.
At last, the ongoing evolutions regarding data privacy also require more strict data security. Therefore, Bynder has been implementing processes and procedures to assure the necessary security levels, such as encryption and anonymization of personal data; the creation of processes for data breach notification activities, and improve employee awareness.
As stated, this is an ongoing process.
Bynder is currently setting up processes within the entire company in order for users to easily request their personal data be erased from our systems.
Although the GDPR does not prohibit personal data to be processed outside of the EU, specific arrangements need to be made to ensure an adequate level of data protection. Bynder has a Data Processing Agreement in place with the relevant processors and controllers, including Standard Contractual Clauses for data transfers between EU and non-EU countries, to safeguard the situation in which personal data is transferred to third countries which do not ensure an adequate level of data protection.
DISCLAIMER: This page provides background information to help you understand how Bynder addresses some legal points regarding GDPR, but is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Additionally, please be aware that this general information does not prevail over any agreement between you and Bynder.