This blog post discusses how your business can comply with the General Data Protection Regulation (GDPR).
This data protection law came into force on 25 May 2018, changing how businesses record, store and process personal data. Although it has now been in effect for years, businesses still need to check that their data practices are GDPR-compliant, because the obligations (and the fines) did not lapse once the initial deadline passed.
What is the General Data Protection Regulation?
The regulation's main objective is to define the duties of organisations that hold and process personal data. It introduced substantially higher fines for non-compliance, including for personal data breaches, to ensure companies take data protection seriously.
Transparency and accountability are key. Businesses must be able to demonstrate to the people whose data they hold and to supervisory authorities that personal data is kept secure and is used only as stated.
GDPR applies to organisations established in the EU, and also to organisations anywhere in the world that process the personal data of people in the EU when offering them goods or services or monitoring their behaviour. It therefore affects a very large number of businesses, including many with no EU presence.
GDPR: Data protection principles
The regulation (Article 5) sets out seven data protection principles for processing personal data. Data controllers in particular need to understand them:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
GDPR compliance through documentation
As mentioned above, one of the main elements of GDPR is the accountability principle (Article 5(2)). It requires an organisation not only to comply with the other principles but to be able to demonstrate that compliance, which in practice means keeping records that show what personal data it holds, why, on what lawful basis and for how long.
Businesses must be transparent with the people whose data they process. They must clearly state what personal data they collect, what they will use it for and how long they will keep it.
Where consent is the lawful basis relied on, it must be verifiable: the business needs a record of who consented, what they consented to, and how and when the consent was given.
The ICO states that "silence, pre-ticked boxes or inactivity does not constitute consent". Consent must be a freely given, specific, informed and unambiguous indication of the person's wishes, given by a clear affirmative action, and explicit consent is required for special category data. Consent is only one of the lawful bases, however; a business that relies on another basis (such as contract or legal obligation) does not need consent but must still document which basis it relies on.
How SigningHub helps with GDPR compliance
An Advanced Electronic Signature (AES, as defined in eIDAS, not to be confused with the AES cipher) is one way for a business to document consent in a form it can later prove. This eSignature type is uniquely linked to the signer and capable of identifying them, is created using signature data under the signer's sole control, and is bound to the signed data so that any subsequent change to the document is detectable. Note that a signature does not prevent a document from being altered; it makes alteration evident at verification time, which is what matters when the record is challenged.
Such a signature can also serve as compliance documentation. A signed, time-stamped consent record supports the accountability obligation in Article 5(2) of GDPR and complements the records of processing activities required by Article 30.
Advanced signatures that follow the ETSI PAdES standards (EN 319 142) embed the signature in the PDF itself, so any later change to the signed content breaks verification. The long-term validation profiles (PAdES-LTV and B-LTA) additionally embed time-stamps and the validation material (certificates and revocation data), so the signature can still be verified years later, after the signing certificate has expired, which is the situation a consent record will usually be in by the time anyone asks for it.
SigningHub can place signing markers in documents that require the signer to initial or sign at specific points. This provides evidence that particular information was presented to and acknowledged by the signer, rather than buried in a document they merely clicked through.
Consent documents signed with secure eSignatures therefore help a business both to follow compliant GDPR practices and to produce evidence if a regulator investigates or a customer asks how and when they consented.
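To make the tamper-evidence point concrete, here is an added example (not SigningHub's code, nor a PAdES implementation) that signs a small consent record with Ed25519 from the Go standard library. A real PAdES signature is a CMS structure embedded in the PDF with an X.509 certificate and a trusted time-stamp; the simplified record, the Ed25519 key and the sample consent text below are all assumptions made for illustration. What the example shows is the property the text relies on: the record carries who, what, how and when, and altering either the document or the record afterwards makes verification fail.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

// ConsentRecord is an assumed, simplified structure capturing what a
// verifiable consent record needs: who consented, to what, how and when,
// plus a hash binding it to the exact document text that was shown.
type ConsentRecord struct {
	SignerID  string `json:"signer_id"`
	Purpose   string `json:"purpose"`
	Method    string `json:"method"`     // e.g. "explicit click on an unticked checkbox"
	SignedAt  string `json:"signed_at"`  // RFC 3339 timestamp in UTC
	DocSHA256 string `json:"doc_sha256"` // SHA-256 of the consent document bytes
}

// SignedConsent bundles the record with the signer's public key and the
// signature over the record's canonical encoding.
type SignedConsent struct {
	Record    ConsentRecord `json:"record"`
	PublicKey []byte        `json:"public_key"`
	Signature []byte        `json:"signature"`
}

// canonical encodes the record deterministically (struct field order is fixed)
// so that signer and verifier sign and check exactly the same bytes.
func canonical(r ConsentRecord) ([]byte, error) {
	return json.Marshal(r)
}

// SignConsent hashes the document, builds the record and signs it.
func SignConsent(priv ed25519.PrivateKey, signerID, purpose, method string, doc []byte, at time.Time) (SignedConsent, error) {
	h := sha256.Sum256(doc)
	rec := ConsentRecord{
		SignerID:  signerID,
		Purpose:   purpose,
		Method:    method,
		SignedAt:  at.UTC().Format(time.RFC3339),
		DocSHA256: fmt.Sprintf("%x", h),
	}
	msg, err := canonical(rec)
	if err != nil {
		return SignedConsent{}, err
	}
	return SignedConsent{
		Record:    rec,
		PublicKey: priv.Public().(ed25519.PublicKey),
		Signature: ed25519.Sign(priv, msg),
	}, nil
}

// VerifyConsent checks two things: the record itself was not modified after
// signing (signature check), and the document presented now is the one whose
// hash was signed (so edits to the consent text are detected too).
func VerifyConsent(sc SignedConsent, doc []byte) bool {
	msg, err := canonical(sc.Record)
	if err != nil || len(sc.PublicKey) != ed25519.PublicKeySize {
		return false
	}
	if !ed25519.Verify(ed25519.PublicKey(sc.PublicKey), msg, sc.Signature) {
		return false
	}
	h := sha256.Sum256(doc)
	return sc.Record.DocSHA256 == fmt.Sprintf("%x", h)
}

func main() {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample consent text for the demonstration.
	doc := []byte("I consent to ACME Ltd using my email address for its monthly newsletter. Retention: until I unsubscribe.")
	sc, err := SignConsent(priv, "user-1042", "newsletter", "explicit click on an unticked checkbox", doc, time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Println("original document verifies:", VerifyConsent(sc, doc))

	// Someone later widens the purpose in the stored document text.
	tampered := bytes.Replace(doc, []byte("monthly newsletter"), []byte("marketing partners"), 1)
	fmt.Println("altered document verifies:", VerifyConsent(sc, tampered))

	// Or edits the record itself without re-signing.
	edited := sc
	edited.Record.Purpose = "marketing"
	fmt.Println("edited record verifies:", VerifyConsent(edited, doc))
}
```

The timestamp here is whatever the signer's clock says, which is exactly why PAdES long-term profiles use a time-stamp from a trusted authority instead: a self-asserted "when" is only as trustworthy as the machine that wrote it.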
Find out more about the different types of eSignature.