E-Sign explains what the new legislation means for you and your customers when processing electronic document transactions.
The General Data Protection Regulation (GDPR) is a new raft of legislation (part of Article 8 of the European Convention on Human Rights) that aims to bring the laws regarding data into line with the realities of the Information Age.
It is the biggest change in information security legislation since the Data Protection Act of 1998, and is part of an EU policy that aims to make companies accountable for the security of the data they hold, and enforce serious fines if they do not measure up to the new standards of responsibility.
It is a huge sea-change in our business and technological landscape, with a complex set of standards to adhere to and eye-watering fines (up to €20 million or 4% of global turnover, whichever is the higher) for non-compliance.
The legislation will give comprehensive oversight on all data-related issues, and will effect almost every business that deals with customer data on any level. It will include:
The (GDPR) was approved and adopted by the EU parliament in April 2016 and came into effect into effect on 25 May 2018. GDPR does not require any enabling legislation to be passed by government (unlike Europe’s Data Protection Directive 95/46/EC), meaning it will be in force across the EU after 25 May 2018.
No. The UK government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR. All companies processing and holding the personal data of subjects residing in the EU must comply with it.
One of significant features of the GDPR is about making it clear to individuals what and how their personal data is being used, by whom and for how long. Data controllers will be required to be transparent about what data is being processed and for what reasons. Companies must handle data with transparency, competency and accountability. The legislation recognises the value of data, both in terms of personal privacy of your customers and data as a resource that can be bought and traded.
Individuals must also be informed what their data is being used for. Contact details must also be made available in respect of any part of the data controller’s data processing actions. Another of the most important changes involves strengthening the standards of obtaining consent to process data. Failure to obtain proper consent to process data, which includes contacting individuals, risks substantial fines.
The simple answer is, “Yes”. E-Sign is ISO 27001 compliant with robust security safeguards in place. E-Sign continues to monitor the regulator guidance and interpretations of key GDPR requirements, ensuring compliance with the General Data Protection Regulation (GDPR) by 25 May 2018. E-Sign also aligns with the intention as well as the detail of the GDPR, as using E-Sign’s digital signature platform increases both the security and the accountability of your transactions and data.