Since Bynder’s earliest days, security has been a top priority for our digital asset management solution. And when you promise to keep a customer’s digital assets safe, of course you need to deliver. As a SaaS provider, our system is under constant pressure to make sure we deliver on that promise and stay one step ahead of any external threats or potential vulnerabilities.

Our security promises are not empty promises either: we have completed our ISO 27001:2013 certification and are fully HIPAA compliant. Just this past year, we also achieved PCI-DSS compliancy to ensure we are doing everything we can for the safety of our customers’ assets.

We believe this constant commitment to security really sets us apart from other DAM providers. We always want our users to feel confident that we are safeguarding their digital files day in, day out. But security is an ongoing process, not a destination. To make our DAM as safe as possible, we are in the process of completing our GDPR compliance plan before the 25 May 2018 deadline.

What is GDPR and why is it important for DAM?

In basic terms, the General Data Protection Regulation (GDPR) aims to strengthen and unify data protection for all individuals within the EU. It is set to replace the existing data protection regulation (Directive 95/46/EC) that was set up in 1995—and thus due for an upgrade.

In the past, the EU has set up separate international standards to manage the security of European data abroad—examples being the Safe Harbor or Privacy Shield programs for data transfers to the US. Yet in the modern age, this separatist and patchwork approach to data protection is becoming increasingly inadequate to deal with the security threats of today—particularly in light of recent privacy breaches.

In response, the EU decided it was time to ‘harmonize’ current data privacy laws in Europe and provide greater protection of individual rights. GDPR improves on the old directive by strengthening rules on breach notifications, citizen rights, and international data transfers (especially relating to countries lacking an adequate standard of protection).

At the same time, the GDPR gives teeth to those regulations by imposing significant fines for those violating its rules (up to 4% of a company’s annual global revenue, or €20m—whichever is higher).

Furthermore, a key component of the GDPR is that it has extraterritorial application. This means that the influence of the GDPR is not limited to the location of your data. It applies to the personal data of all EU citizens and residents, wherever it is stored, worldwide. All organizations dealing with such data will have to comply—or face a hefty fine.

Why is Bynder becoming GDPR compliant?

Bynder always strives to protect the data of its users and respect their personal privacy, regardless of where they are from. That is why we are taking the lead in implementing GDPR to show the industry that it’s not only the right thing to do, but it’s what our users deserve for placing their trust in us.

By implementing GDPR standards here at Bynder, it gives us and our users peace of mind knowing that we have greater control over where your data is stored and who can access that data. That, in turn, helps to establish a more positive relationship between us and our customers.

What are the next steps?

GDPR is clearly a hot topic right now, and companies across every industry will likely face challenges in implementing it correctly before the 25 May 2018 deadline. That’s why we’ve taken proactive steps in preparing more than a year in advance.

By taking such active measures, we have continued confidence in our ability to deliver state-of-the-art security and maintain firm control over our business processes. That way, we can be as transparent as possible with you about our progress and initiatives moving forward.

If you are working on your own GDPR compliancy, we’re producing documentation to help you understand how Bynder manages your data. Follow our timeline below to find out when we’ll be releasing the relevant material:

  • Data Processing Agreements - Available as of December 2017
  • Data Mapping input  - Available as of December 2017
  • ISO 27001:2013 Certification, Annex A, SoA - Available now, under NDA or as Customer
  • ISO 27018:2014 addendum - Available as of January 2018, under NDA or as Customer

TL;DR: Bynder will be compliant with the new EU data protection regulation by 25 May 2018. If you have any questions, feel free to reach out to privacy@bynder.com.