The digital asset management firm, headquartered in Amsterdam but with a major US presence, sees GDPR as a competitive advantage as well as an obligation.
Digital asset management firm Bynder is almost ready for GDPR Day.
That’s May 25, when the European Union’s General Data Protection Regulation goes into effect for companies doing business with EU citizens, wherever they are.
We checked with the Amsterdam-based firm to see how it’s preparing for the biggest day in data privacy history.
With a major American presence anchored by a Boston office, its product line in the cloud and customers like Spotify, Puma, Lacoste and KLM, Bynder is one of those companies that lives every day in both the EU and non-EU markets.
The company was already perhaps 75 percent of the way toward GDPR compliance when the new regulation was passed, legal counsel team lead Madeleine Gorman told me, because of the existing EU privacy requirements.
Nevertheless, the remaining 25 percent has involved a lot of prep. Bynder has conducted a complete audit of its data and systems, implemented new processing and controlling policies and conducted extensive training.
But, Gorman said, the company didn’t need to revamp its data management or infrastructure. From the beginning of the company, she added, “we’ve done a lot the way it should have been done.”
GDPR-specific compliance has been on the company’s radar for the past two years, she noted, with the effort turning particularly serious since the spring. At this point, the remaining tasks are primarily some additional drafting of policy documents.
I asked how Bynder is handling the task of getting user consent. Under GDPR, companies need to get user consent for each use of their private data.
‘A major competitive advantage’
Of course, if Bynder wants to use personal data for other purposes, it will need to get permission for those different uses.
As for getting existing user data into shape for such actions as user requests for deletion, Gorman noted that GDPR gives companies up to two years to cleanse their old data.
Bynder hasn’t yet hired a Data Protection Officer, a position that GDPR encourages for major companies, but Gorman said her firm does have a Data Protection Office composed of several existing staff members. The company does expect to hire a DPO by the time GDPR Day rolls around.
Although Bynder is required to conduct itself in GDPR-compliant ways only for its customers who are EU citizens, it will be handling non-EU customers the same way.
And the company feels that US firms should look at GDPR as an opportunity.
“Any US business that wants to make business with an EU company should comply with GDPR,” Bynder CMO Lidia Luttin told me, adding that such American firms will then have “a major competitive advantage” among users interested in privacy.
But, she noted, some “US companies don’t seem to get it, [given that] we’ve had some tell us they don’t intend to become compliant.”