In this blog, we discuss how your business can prepare for the upcoming GDPR deadline - including what you need to know.
The General Data Protection Regulation (GDPR) comes into force on 25 May 2018 across the EU, changing how businesses collect, process and store personal data. A year from now may seem a way off, but businesses need to settle their GDPR strategies sooner rather than later to be compliant on day one.
What is GDPR?
GDPR’s main objective is to set out the responsibilities of organisations that process personal data and to require that the data is kept secure. It also introduces much larger fines for non-compliance: up to €20 million or 4% of worldwide annual turnover, whichever is higher.
The Information Commissioner’s Office (ICO) is still publishing guidance on the upcoming regulation, though the main principles have already been set out.
Transparency and accountability are key: businesses need to be able to prove to customers and regulators that they are committed to securing personal data and to using it only as stated.
It is important to remember that GDPR applies not only to organisations established in the EU but also to organisations outside the EU that offer goods or services to people in the EU, or monitor their behaviour. In practice this means almost every business that deals with EU residents will be affected by the change in regulation.
GDPR compliance through documentation
One of the main elements of GDPR is the “accountability principle” (Article 5(2)). It requires an organisation not only to comply with the data protection principles but to be able to demonstrate that it does, and to take explicit responsibility for the personal data it holds on individuals.
Businesses will need to be transparent with customers about data processing. They must clearly state what personal data is collected, what it will be used for and how long it will be retained.
Any consent given to use personal data must be verifiable, which means keeping a record of how and when consent was given and what the individual was told at the time.
The ICO states that “silence, pre-ticked boxes or inactivity does not constitute consent”. Businesses must obtain a clear, affirmative indication of consent before using personal data on that basis.
How SigningHub helps with GDPR compliance
An advanced electronic signature (AdES, as defined in Article 26 of the eIDAS Regulation; the page’s original abbreviation AES should not be confused with the encryption algorithm) is one option for documenting consent. By definition it is uniquely linked to the signer, capable of identifying the signer, created with signing data under the signer’s sole control, and linked to the signed document so that any later change is detectable. That gives both evidence of who consented and evidence that the consent document has not been altered since.
Long-term validation (LTV) of an AdES also serves as evidence for GDPR compliance: the signature can still be validated years later, after the signing certificate has expired, which is exactly when a regulator or data subject is likely to ask. That helps businesses meet the accountability principle in Article 5(2) and maintain the records of processing activities required by Article 30.
Advanced signatures that follow the ETSI PAdES standards (ETSI EN 319 142) are embedded in the PDF itself. A signature does not stop someone from editing the file, but any change to the signed content invalidates the signature and is therefore detectable, and the LTV profiles embed the certificates, revocation information and timestamps needed to validate the signature long after the signing certificate has expired.
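To make the two properties above concrete (a record of how and when consent was given, and a signature that breaks on any later edit), here is an added example written for this article; it is not SigningHub code and not a PAdES implementation. It uses an Ed25519 signature over a JSON consent record in place of the X.509 certificate and PDF-embedded CMS signature a real AdES would use, and the record fields, names and sample values are all assumptions constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)

// ConsentRecord holds what a verifiable consent record needs: who consented,
// to what, how and when, for how long, and a hash of the exact wording shown.
// The field set is an assumption for this example, not a SigningHub format.
type ConsentRecord struct {
	Subject       string    `json:"subject"`
	Controller    string    `json:"controller"`
	Purpose       string    `json:"purpose"`
	RetentionDays int       `json:"retention_days"`
	Method        string    `json:"method"`   // how consent was obtained
	GivenAt       time.Time `json:"given_at"` // when it was obtained
	DocumentHash  string    `json:"document_sha256"`
}

// SignedConsent keeps the exact bytes that were signed next to the signature,
// so verification never depends on re-serialising the record identically.
type SignedConsent struct {
	Record    []byte `json:"record"`
	Signature []byte `json:"signature"`
}

// HashDocument pins the consent wording the signer saw; editing the wording
// later changes the hash and therefore the signed record.
func HashDocument(text string) string {
	sum := sha256.Sum256([]byte(text))
	return hex.EncodeToString(sum[:])
}

// NewSigner creates a key pair. In a real advanced signature the public key is
// bound to the signer's identity by a certificate; here the verifier is simply
// handed the public key it trusts for that signer.
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignConsent serialises the record and signs those bytes.
func SignConsent(rec ConsentRecord, priv ed25519.PrivateKey) (SignedConsent, error) {
	data, err := json.Marshal(rec)
	if err != nil {
		return SignedConsent{}, err
	}
	return SignedConsent{Record: data, Signature: ed25519.Sign(priv, data)}, nil
}

// VerifyConsent checks the signature against the key trusted for this signer.
// Any change to the record bytes, or a signature from another key, fails.
func VerifyConsent(sc SignedConsent, signer ed25519.PublicKey) (ConsentRecord, bool) {
	var rec ConsentRecord
	if !ed25519.Verify(signer, sc.Record, sc.Signature) {
		return rec, false
	}
	if err := json.Unmarshal(sc.Record, &rec); err != nil {
		return rec, false
	}
	return rec, true
}

// Tamper simulates an after-the-fact edit: the retention period in the signed
// bytes is changed while the original signature is kept.
func Tamper(sc SignedConsent, retentionDays int) (SignedConsent, error) {
	var rec ConsentRecord
	if err := json.Unmarshal(sc.Record, &rec); err != nil {
		return SignedConsent{}, err
	}
	rec.RetentionDays = retentionDays
	data, err := json.Marshal(rec)
	if err != nil {
		return SignedConsent{}, err
	}
	return SignedConsent{Record: data, Signature: sc.Signature}, nil
}

func main() {
	pub, priv, err := NewSigner()
	if err != nil {
		panic(err)
	}
	// Constructed sample record; every value is made up for the example.
	rec := ConsentRecord{
		Subject: "customer-1234", Controller: "Example Ltd", Purpose: "marketing e-mail",
		RetentionDays: 365, Method: "checkbox ticked by the subject",
		GivenAt:      time.Date(2017, 6, 1, 9, 30, 0, 0, time.UTC),
		DocumentHash: HashDocument("I agree to receive marketing e-mail from Example Ltd for 12 months."),
	}
	sc, _ := SignConsent(rec, priv)
	_, ok := VerifyConsent(sc, pub)
	fmt.Println("original verifies:", ok)
	edited, _ := Tamper(sc, 3650)
	_, ok = VerifyConsent(edited, pub)
	fmt.Println("edited record verifies:", ok)
	otherPub, _, _ := NewSigner()
	_, ok = VerifyConsent(sc, otherPub)
	fmt.Println("verifies under another signer's key:", ok)
}
```

The point of keeping the signed bytes verbatim and hashing the displayed wording is that the evidence stays self-describing: a verifier can show what was agreed, when, by whom, and that none of it has changed. What this toy lacks, and what PAdES with LTV adds, is the certificate chain that ties the key to a real identity and the embedded timestamps and revocation data that keep the signature checkable after that certificate expires.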
SigningHub can also place signing markers in documents so that signers must initial or sign beside specific key passages, which gives a record that those passages were presented to and acknowledged by the signer.
Consent documents signed with secure eSignatures can help businesses demonstrate compliant GDPR practices and provide evidence should regulators ever come knocking, or should a customer ask to see what they agreed to.
Find out more about the different types of eSignature here.