Despite the myriad benefits that come with digitalization, there is a critical issue that can’t be disregarded any longer: the appropriate and inappropriate use of data in digital form. Digital data has been easily accessible to organizations, and privacy laws in the recent past have been almost non-existent. The 1995 Data Protection Directive created by the European Union is now obsolete as technology has evolved over the years. Driven by various privacy scandals and data leaks, the EU revised this directive by introducing the General Data Protection Regulation (GDPR).
The GDPR is a new and tight directive that aims to improve protection for personal data and harmonize the different laws surrounding it among EU member states.
Who is affected by GDPR?
Beginning May 25, 2018, any organization that processes and holds personal data of EU citizens will be affected. It doesn’t matter if that organization is based in the EU or elsewhere. Organizations that fail to comply with this regulation risk serious penalties. The minimum fine for defying the new rule amounts to twenty million Euros or 4% of the organization’s global turnover (whichever is higher).
Meeting GDPR requirements with e-signatures
In light of the fresh requirements, many organizations must seriously review their data handling processes, the applicability of GDPR, and the things they may need to implement to ensure compliance.
Here is how electronic signatures can help you seal the liability gaps in two key areas targeted by the GDPR: data contracts and consent.
1. Clear consent
In the old days, personal data collection was less regulated. Data was shared and used sometimes for reasons that individuals neither knew about nor agreed to. The GDPR rule has come to change all this. It is the new sheriff in town. It sets out to introduce the rule of law to the present-day digital landscape. From May 25, 2018, permission to gather, use, and share a person’s data must now be:
A person has the right to precisely know how, why, and where their data will be used. Basically, according to GDPR, a person:
- Must explicitly consent to this usage,
- Should be able to confirm the extent of the data an organization holds about them,
- Has a right to have their data deleted should they wish (right to be forgotten).
With all these new regulations in place, organizations must have proof showing that permission has been explicitly granted, and this is where electronic signatures come in. The detailed documentation of consent, the audit trail, and the high level of security that an e-signature solution offers are all aligned with the GDPR’s goals of accountable, visible, and responsible data handling.
2. Data controllers and data processors
Different organizations operate under different legal definitions. The GDPR spells out clearly who is responsible and accountable for the usage and security of data between data processors and data controllers.
- Data controller – This is a person or party that determines the way in which any personal data is to be processed.
- Data processor – This is any person or business that processes the data or information on behalf of data controllers.
For instance, if you are a real estate professional and you are sent personal information about a potential buyer, then you are the data controller. However, if you go ahead and contract a referencing firm to authenticate the buyer’s details, then this firm is the data processor.
Contracts between the processors and the controllers should be clear and documented. Again, electronic signatures come in handy here. E-signature solutions can ease the process of updating agreements to become GDPR compliant. Also, e-signs give organizations complete visibility of where every agreement is and which party is yet to sign it. Signing documents electronically is the epitome of GDPR’s accountability, visibility, and responsibility.
With the GDPR, EU member states have made a powerful statement with regard to personal data protection. The fines linked to a violation of the GDPR will oblige companies to leap in before May 2018. In fact, getting and remaining compliant with the General Data Protection Regulation should be at the top of any company’s legal and IT priority list.
We hope this article has given you an overview of two key areas to prepare for before the regulation becomes active, and how top digital signature solutions like eSign Genie can help your organization be at the forefront in matters of accountability and security when it comes to personal data.