In our last blog we discussed the General Data Protection Regulation (GDPR), what it is, how it will affect your business, and what measures you should take to ensure you are not at risk from the huge fines that will come with breaking the rules of the new legislation. Businesses must look to their compliance and security procedures to make sure that they do not fail to meet the new standards.
The GDPR aims to ensure that companies handle data with visibility, responsibility and accountability, and a digital signature provider like E-Sign can help with all of these goals. Here we’d like to show how E-Sign can help close the liability gaps in two specific areas covered by the GDPR: consent and data contracts.
In the old days the internet was a Wild West of personal data collection, with opt-out clauses being tiny tick boxes, and data being gathered, shared and used for purposes that individuals neither agreed to nor knew about. The GDPR is the new sheriff in town, setting out to bring the rule of law to the modern digital landscape. Permission to gather, share and use an individual’s data must now be:
1. Informed
2. Specific
3. Documented
Basically, an individual has the right to know exactly how, where and why their data will be used. They must explicitly agree to this usage, they must be able to see the extent of the data a company holds about them, and they have a ‘right to be forgotten’, meaning their data must be deleted should they wish it. With all these new stipulations in place, businesses must have documentation proving that consent has been explicitly given. This is where E-Sign comes in: its electronic signatures allow companies to demonstrate consent with court-admissible, tamper-proof documents supported by an advanced audit trail.
This detailed record of consent, the audit trail of the signature, along with the high level of security that E-Sign employs, are all in line with the GDPR’s goals of visible, accountable and responsible data handling.
Clearing up contracts - Data controllers and processors
In the big ecosystem of information, you need to know your place and your role. Many businesses operate under a number of different legal definitions. When it comes to data, the GDPR wants to make clear who is accountable and responsible for the security and usage of data throughout its existence. Two important designations are those of Data Processor and Data Controller. These roles are defined by the Information Commissioner’s Office as:
1. Data controller: a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
2. Data processor: in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
For example, if you are an estate agent given personal information by a prospective buyer, then you are the data controller. If you then contract a referencing company to check the buyer’s background based on that information, they are the data processor. Data processors work on behalf of the data controller, and the data controller retains some responsibility and liability for the individuals’ data.
The clear relationship between data processors and controllers is key to the accountability ethos of the GDPR. Contracts between the two entities must be clear and documented. Again, E-Sign can help with this. E-Sign’s software can simplify the process of updating contracts to contain the terms the GDPR requires, by streamlining the contract workflows and accelerating the procurement process. Electronic signatures also give companies complete visibility of where each document is, who created it, how many times it has been viewed, who has signed it and who is yet to sign it, with the ability to send reminders to prompt people and aid the process. E-Sign’s process is the epitome of the GDPR’s visibility, accountability and responsibility.
Visible, Accountable, Responsible
Unlike a hand signature, which is generally the same mark on every document, E-Sign’s advanced electronic signature is 100% unique to every document.
Signatory identity is verified via:
- Email address
- IP address
- Time and date stamping
- Web browser and system information
- Sender can request any information they require which becomes embedded into the signature and document
E-Sign provides the following within its advanced electronic signature to ensure every document that is sent is secure and legally admissible.
- Digital signature certificate
- Time and date stamp
- 256-bit SSL encryption
- Detailed document audit trail from inception to completion
- Document integrity maintained and checked throughout the signature process
- Secure storage of documents and data
- Identification of users verified
- Unique digital fingerprint created for every signed document and every signatory
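To make concrete what "document integrity checked throughout", "unique digital fingerprint" and "detailed audit trail" mean in practice, here is an added example, not E-Sign's code and not a description of its internals. It assumes a SHA-256 fingerprint of the document bytes, an Ed25519 signature over an envelope that names the fingerprint, the signatory, the timestamp and the audit-trail state at signing, and a hash-chained audit trail in which each event commits to its predecessor. All names, the event schema and the sample consent text are constructed for the illustration; a production system would also bind the signing key to an identity through a certificate, which this example leaves out.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// AuditEvent is one entry of a constructed, hash-chained audit trail (hypothetical schema).
// Each entry commits to the hash of its predecessor, so editing or deleting an earlier
// entry breaks the chain for every later one.
type AuditEvent struct {
	Seq      int    `json:"seq"`
	Actor    string `json:"actor"`
	Action   string `json:"action"`
	At       string `json:"at"`   // timestamp supplied by the caller (fixed here for determinism)
	PrevHash string `json:"prev"` // hex SHA-256 of the previous event, "" for the first
}

// Envelope is what the signatory actually signs: which exact document (by fingerprint),
// who signed, when, and the audit-trail state at the moment of signing.
type Envelope struct {
	DocHash   string `json:"doc_hash"`
	Signatory string `json:"signatory"`
	SignedAt  string `json:"signed_at"`
	TrailHead string `json:"trail_head"`
}

// SignedEnvelope is the envelope plus its hex-encoded Ed25519 signature.
type SignedEnvelope struct {
	Envelope
	Signature string `json:"sig"`
}

func sha256Hex(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

// Fingerprint is the document's unique digest: any change to the bytes changes it.
func Fingerprint(doc []byte) string { return sha256Hex(doc) }

func eventHash(ev AuditEvent) string { b, _ := json.Marshal(ev); return sha256Hex(b) }

// AppendEvent adds an event chained to the current last event.
func AppendEvent(trail []AuditEvent, actor, action, at string) []AuditEvent {
	prev := ""
	if n := len(trail); n > 0 {
		prev = eventHash(trail[n-1])
	}
	return append(trail, AuditEvent{Seq: len(trail), Actor: actor, Action: action, At: at, PrevHash: prev})
}

// TrailHead is the hash of the last event, which commits to the whole history before it.
func TrailHead(trail []AuditEvent) string {
	if len(trail) == 0 {
		return ""
	}
	return eventHash(trail[len(trail)-1])
}

// VerifyTrail recomputes every link of the chain and the sequence numbers.
func VerifyTrail(trail []AuditEvent) bool {
	for i, ev := range trail {
		want := ""
		if i > 0 {
			want = eventHash(trail[i-1])
		}
		if ev.Seq != i || ev.PrevHash != want {
			return false
		}
	}
	return true
}

// Sign binds the document fingerprint, signatory, time and trail state under one signature.
func Sign(priv ed25519.PrivateKey, doc []byte, signatory, signedAt string, trail []AuditEvent) SignedEnvelope {
	env := Envelope{DocHash: Fingerprint(doc), Signatory: signatory, SignedAt: signedAt, TrailHead: TrailHead(trail)}
	payload, _ := json.Marshal(env)
	return SignedEnvelope{Envelope: env, Signature: hex.EncodeToString(ed25519.Sign(priv, payload))}
}

// Verify checks that doc is byte-for-byte what was signed, that the trail is intact and
// still contains the state present at signing (later events may have been appended),
// and that the signature over the envelope is valid for the signatory's public key.
func Verify(pub ed25519.PublicKey, doc []byte, trail []AuditEvent, se SignedEnvelope) error {
	if Fingerprint(doc) != se.DocHash {
		return errors.New("document altered after signing")
	}
	if !VerifyTrail(trail) {
		return errors.New("audit trail chain broken")
	}
	found := false
	for _, ev := range trail {
		found = found || eventHash(ev) == se.TrailHead
	}
	if !found {
		return errors.New("signed audit-trail state not present in trail")
	}
	payload, _ := json.Marshal(se.Envelope)
	sig, err := hex.DecodeString(se.Signature)
	if err != nil || !ed25519.Verify(pub, payload, sig) {
		return errors.New("signature invalid")
	}
	return nil
}

// Demo runs the scenario on constructed data and reports: genuine document verifies,
// altered document is rejected, altered audit trail is rejected.
func Demo() (bool, bool, bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	consent := []byte("I consent to Example Ltd processing my email address for order updates only.") // constructed
	trail := AppendEvent(nil, "sender@example.com", "created", "2018-05-01T09:00:00Z")
	trail = AppendEvent(trail, "signer@example.com", "viewed", "2018-05-01T09:05:00Z")
	se := Sign(priv, consent, "signer@example.com", "2018-05-01T09:06:00Z", trail)
	trail = AppendEvent(trail, "signer@example.com", "signed", "2018-05-01T09:06:00Z")
	genuineOK := Verify(pub, consent, trail, se) == nil
	altered := bytes.Replace(consent, []byte("only"), []byte("and marketing"), 1)
	alteredRejected := Verify(pub, altered, trail, se) != nil
	forged := make([]AuditEvent, len(trail))
	copy(forged, trail)
	forged[1].Actor = "someone-else@example.com" // rewriting history breaks the chain
	trailRejected := Verify(pub, consent, forged, se) != nil
	return genuineOK, alteredRejected, trailRejected
}

func main() {
	a, b, c := Demo()
	fmt.Println("genuine document verifies:", a, "| altered document rejected:", b, "| altered trail rejected:", c)
}
```

The point a practitioner should take from this is that the signature alone is not the control: it is the binding of the signature to a fingerprint of the exact bytes and to the audit-trail state that makes a later change to the document, or to the record of who viewed and signed it, detectable by anyone holding the public key.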
Hopefully this brief overview has given you an idea of two key issues to prepare for before the GDPR comes into effect, and how E-Sign could help your business lead the way in matters of security and accountability when it comes to data.