The General Data Protection Regulation (GDPR) is a new EU data privacy law designed to protect EU citizens’ personal data and to reshape the way companies approach data privacy. It will take effect on May 25th and SendBird is preparing for compliance in the meantime.
We’ve already made significant strides in adhering to regulations pertaining to security, data protection and privacy from our compliance with the EU-U.S. Privacy Shield framework to our current efforts to meet the standards set out by SOC 2, ISO 27001, HIPAA and GDPR. We have set up an internal Trust and Safety team, led by one of SendBird’s founders, Brandon Jeon, so that we can prepare our company and our customers for diverse compliances and protect them from various security issues.
The Trust and Safety team’s continuing goal is to understand the landscape of existing and new regulations in an increasingly data-driven world, and to guide SendBird to act in such a way as to protect our customer’s data.
What is GDPR?
The EU General Data Protection Regulation (GDPR) is a comprehensive privacy framework that gives EU residents more control over their personal data and harmonizes data privacy laws across Europe. After four years of preparation, GDPR will replace the Data Protection Directive 95/46/EC and will take effect on May 25, 2018.
SendBird’s GDPR Readiness
SendBird recognizes the importance of protecting personal data. Protecting the privacy of our customer’s data (and their customer’s data in turn) is an underlying current in all of our 7 core values. Understanding that GDPR might apply to some of our customers, we are committed to assisting our customers by becoming GDPR compliant ourselves and by providing proper support for them.
We are redesigning our data processing practices based on the main principles of GDPR relating to processing of personal data and other applicable rules. We are building a corporate governance structure that will enable us to efficiently, flexibly, and sustainably meet any applicable requirements of GDPR. Also, we will strive to enhance the transparency of our data processing practices and to safeguard the personal data which our customers have entrusted to us.
New Features for GDPR
GDPR requires careful, transparent, and clear procedures when dealing with a customer’s first interaction with our service. SendBird has begun designing a new dashboard to clearly display the user’s rights and authority when using our service and data and to be as transparent as possible from sign-up to unsubscribe.
In regards to data portability, SendBird already provides Data Export and Migration features, however, we are preparing new versions to meet the exact requirements for GDPR. For compliance around messaging data, we allow dashboard users the option to set location restrictions on data to Europe and we are in the process of confirming that there isn’t a conflict with GDPR obligations.
SendBird has put together a team of internal and external experts to help solve issues on compliance, privacy and security. Our Trust and Safety department is dedicated to solving these issues, which is why we work with a consulting firm to address our information security and a law firm to handle concerns on compliance and privacy security.
Plans For Other Certifications and Compliance
GDPR, HIPAA, COPPA and other compliance issues are not mutually exclusive, therefore SendBird considers all of our users data to be a top priority, and we are striving to do everything in our power to be compliant in all rules and regulations. In 2018, SendBird is also preparing to complete the SOC 2 Report (type 2), preparing certifications for ISO 27001 and finalizing steps to be HIPAA compliant.
SendBird is certified for International Data Transfers with our compliance to the EU-U.S. Privacy Shield Framework as it is established by the U.S. Department of Commerce and the European Commission. We also adhere to the Privacy Shield Principles regarding the collection, retention and use of a customer’s personal information.
SendBird is in the process of reviewing all of our partners’ compliance with GDPR obligations and their readiness for GDPR.
We understand our customers and prospective customers concerns on GDPR. SendBird has made GDPR our top priority since last year, and we are working our hardest to be compliant but also transparent throughout the process. We hear your questions and we hope that this has answered some of the questions you had for us, but also we hope this helps you understand our readiness and efforts to be compliant with GDPR.
If you have any other questions about GDPR or other certifications and compliance, feel free to reach out at [email protected].