We are committed to providing data privacy and security to our customers in accordance with global regulations and industry best practices.
We understand that we are being entrusted with your most important business documents and want to ensure that you have all the information you need regarding the safety and security of your business and customer data. In line with our commitment, we have worked hard to ensure Signeasy's compliance with legal requirements and best practices concerning data security and privacy at all times. We have successfully completed the SOC2 Type 2 assessment, which confirms our adherence to one of the most stringent, industry-accepted auditing standards for service companies and provides additional assurance to our customers, through an independent auditor, that our business process, information technology and risk management controls are properly designed and operating effectively.
The General Data Protection Regulation (“GDPR”) is the European Union’s (“EU”) primary data protection and privacy law, which took effect on May 25th, 2018. GDPR was conceptualized to provide and strengthen the right to data protection of EU individuals, and give them a greater say in how organizations collect and handle their personal data. This significantly changed the way personal data is collected, accessed and used.
Broadly, GDPR emphasizes long-standing data protection principles, such as lawfulness, transparency, accountability, and security, and imposes a new set of obligations on organizations that offer goods or services to, or monitor the behavior of, EU individuals. The applicability of GDPR extends far beyond the EU, regulating the processing of personal data by organizations located outside the EU as well.
Any organization that is involved in the processing of the personal data of people in the EU must comply with the GDPR.
Even if an organization is not associated with the EU itself, it is required to comply if it is involved in the processing of the personal data of citizens of, and people residing in, the EU.
The data protection officer (DPO) is required to ensure that the organization processes the personal data of its employees, customers, or any other individuals (also referred to as data subjects) in accordance with the required data protection rules. This would include tasks such as consistent training as well as performing regular monitoring and audits of the control environment.
GDPR does not impose data residency or localization obligations, and organizations are free to choose where they host the data. GDPR prescribes transfer methods that ensure GDPR-equivalent safeguards when personal data is transferred from the European Economic Area (EEA) to countries outside the EEA.
There are certain countries covered by an 'adequacy decision' of the European Commission.
The previously available Privacy Shield framework no longer provides adequate safeguards for the transfer of personal data to the United States from the EEA.
Signeasy takes adequate measures to safeguard the privacy of data that is transferred to host countries, both while the data is at rest and while it is in transit.
Obtaining consent will not always be the most appropriate or easiest option; although it is one of the lawful bases for processing, there are five others that need to be considered:
At Signeasy, we are committed to being GDPR compliant and work hard to keep up to date with the legislation. We make constant efforts to adopt and maintain industry best practices for data protection and privacy. We continue to make modifications to ensure that, as further guidance emerges from data protection authorities, our processes and practices meet new requirements.
If you ever need to know more about our compliance with GDPR, please send an email to [email protected].
The content above is provided for informational purposes only. The information shared here is not meant to serve as legal advice. You should work closely with your legal and other professional counsel to determine exactly how GDPR may or may not apply to you.