May 25th marks one of the most significant milestones in data privacy regulation worldwide: the end of the two-year grace period since the General Data Protection Regulation (GDPR) was first adopted by the EU Parliament in 2016. Beginning today, the GDPR is fully enforceable and organisations in non-compliance with this regulation may face significant financial fines.
How DocuSign has Prepared for the GDPR
At DocuSign, protecting our customers’ data and maintaining information security has always been and continues to be a top priority. With a high volume of digital transactions relying on the DocuSign services, we understand the imperative of protecting the important business and personal information entrusted to DocuSign. We’ve been proactively following the European Union’s transition to the GDPR for several years and continue to take opportunities to bolster our already-strong data privacy practices. Recent efforts include delivering recurrent data privacy and security training to our employees, adhering to strict global information security standards, and implementing comprehensive privacy policies and processes to our workflows.
Recognition via Binding Corporate Rules
The GDPR explicitly references Binding Corporate Rules (BCRs), as a mechanism for the transfer of personal data outside of the European Union. BCRs are widely considered “the gold standard” method of transfer as they represent more than a self-certification through a privacy framework or contractual arrangement. The requirements of BCRs are set by regulators, who scrutinize an organisation before giving approval. In March, DocuSign was pleased to receive approval for its application for BCRs. Going forward, DocuSign must demonstrate affirmative compliance with those requirements on a yearly basis with our Data Protection Authority Regulators in Europe.
Raising the Privacy Bar
Today represents a new era in the way all organisations around the globe should approach data privacy. The GDPR raises the bar in its approach to empowering individuals and insisting on accountability from the businesses that collect their data. The EU has essentially shown the world there is a better way, and it starts with being transparent and telling individuals in simple language what data you are collecting about them and why.
Resources for DocuSign Customers
For more detail on DocuSign’s approach to protecting customer data and how our solution can enhance customers’ efforts to comply with the GDPR, visit:
- GDPR Basics page – get more information on the regulation and how DocuSign can help
- GDPR FAQs and Data Protection and Trust Guide – a quick reference source for clarity, transparency, and guidance from a legal perspective
- Privacy Smarts blog – learn more about how you can work to protect data privacy
By Reggie Davis, General Counsel, Chief Privacy Officer