E-Sign explains what this legislation means for you and your customers when processing electronic document transactions.
The General Data Protection Regulation (GDPR) is a set of legislation (part of Article 8 of the European Convention on Human Rights) that aims to align data laws with the realities of the Information Age. It represents the most significant change in information security legislation since the Data Protection Act of 1998 and is part of a European Union policy holding companies accountable for the security of the data they hold. Serious fines are enforced if they fail to meet the new standards of responsibility.
The legislation consists of a complex set of standards that companies must adhere to, with substantial fines (up to €20 million or 4% of global turnover, whichever is higher) for non-compliance. It provides comprehensive oversight on all data-related issues and affects almost every business dealing with customer data on any level.
Yes. E-Sign is ISO 27001 compliant with robust security safeguards in place. E-Sign continues to monitor regulatory guidance and interpretations of key GDPR requirements, ensuring compliance with the General Data Protection Regulation (GDPR). E-Sign also aligns with the intention and detail of the GDPR, as using E-Sign’s digital signature platform increases both the security and accountability of your transactions and data.
The EU has some of the world’s most stringent and extensive regulations regarding data exports. The transfer of personal data from the European Economic Area (EEA) to non-EEA nations that do not guarantee an “adequate level of data protection” is forbidden by European data protection laws. Multinational corporations find Binding Corporate Rules (BCRs) to be the most suitable mechanism for legal exports.
BCRs, regarded as the gold standard for data protection, impose stringent guidelines on all corporate family members. Under the GDPR, BCRs are accepted as a means of safeguarding European data subjects’ privacy, as well as their fundamental rights and freedoms, and enabling the legitimate transfer of data outside of the European Economic Area.
The processor (E-Sign) shall notify the controller (Customer) “without undue delay” upon becoming aware of a personal data breach, in accordance with GDPR Article 33 (2). E-Sign will designate one or more channels of communication to effectively notify impacted customers in the event of a data breach that necessitates notification to them.
As mandated by the GDPR, E-Sign offers its clients additional data processing terms, including the requirement to obtain safeguards from any sub-processor.
As a data importer, E-Sign complies with the following important guidelines:
The GDPR was approved and adopted by the EU parliament in April 2016 and came into effect on May 25, 2018. GDPR does not require any enabling legislation to be passed by the government (unlike Europe’s Data Protection Directive 95/46/EC).
One significant feature of the GDPR is making it clear to individuals what personal data of theirs is being used, how, by whom, and for how long. Data controllers will be required to be transparent about what data is being processed and for what reasons. Companies must handle data with transparency, competency, and accountability. The legislation recognizes the value of data, both in terms of the personal privacy of your customers and as a resource that can be bought and traded.
Individuals must be informed about what their data is being used for, and contact details must be made available in respect of every part of the data controller’s data processing activities. One of the most important changes involves strengthening the standards for obtaining consent to process data. Failure to obtain proper consent to process data, which includes contacting individuals, risks substantial fines.
Personal data refers to any information that relates to an identified or identifiable individual. This information can be used, directly or indirectly, to identify a specific person. Personal data can be collected, processed, and stored in various forms, including physical records and electronic formats. Some common examples of personal data include: