Send a GDPR compliant signature request

DocuSeal is an eSignature service that facilitates electronic signatures on behalf of a “Signature Requestor” (i.e. your company). The Signature Requestor (which can include affiliates and subsidiaries) sends documents requesting electronic signatures. It is crucial for a Signature Requestor to understand when GDPR compliance is necessary and to ensure that signatory data is managed with the utmost care in those situations. This guide will help you create documents that request signatures in a way that adheres to GDPR guidelines.

What is GDPR?

The General Data Protection Regulation (GDPR) is a European law regulating the processing of personal data of individuals located in the European Economic Area (EEA GDPR) and the United Kingdom (UK GDPR). If your business collects, uses, transfers, stores or otherwise processes personal data of individuals in these regions, compliance with GDPR is mandatory.

If your business operates outside Europe but collects data from individuals within the EEA and the UK, you may still need to comply with GDPR.

While personal use or small businesses might be exempt from certain requirements, it is always recommended to consult with a legal expert to fully understand your obligations.

Sending a GDPR compliant signature request

You need to ensure that the service you are using to send documents is GDPR compliant. DocuSeal has taken the necessary steps to ensure it is GDPR compliant, such as hosting our docuseal.eu customers’ data in the EU. Alternatively, we offer a self-hosted option so that you can fully control where your data is hosted. You can learn more about DocuSeal and GDPR compliance here.

When sending documents that collect personal information (e.g. name, email, phone number) and signatures, ensure that you collect consent appropriately as explained below.

Collecting explicit consent from signatories is a critical requirement for GDPR compliance. Consent must be freely given, specific, informed and unambiguous.

  1. Clear Purpose Explanation: Explain why you are collecting personal information and signatures, how the information will be used and whether it will be shared with third parties. Signatories must understand and agree to these terms without coercion.
  2. Opt-In Consent: Add a checkbox field to your document so signatories can give opt-in consent. Ensure the checkbox is not pre-checked. If you plan to use the data for multiple purposes, provide a separate checkbox for each purpose, accompanied by a clear explanation.
  3. Privacy Policy: Include a text block that explains your data usage policies and provides a link to your privacy policy. Alternatively, use a field description to inform your signers about the data collection and privacy policy.
    • If you are using docuseal.eu Cloud, you need to identify DocuSeal, LLC as your subprocessor.
    • If you are self-hosting DocuSeal on-premises, mentioning DocuSeal, LLC as a subprocessor is not required.

    Software        Use         Location    GDPR Compliance
    DocuSeal, LLC   eSignature  US          https://www.docuseal.co/privacy/gdpr

Example

GDPR Compliant Document for Signatures

Data control

Under GDPR, signatories have the right to access their personal data or request its deletion. Inform signatories of these rights and provide an easy method for them to make such requests. This could be as simple as providing an email address for data access or deletion requests.

DocuSeal allows you to delete individual documents and associated data permanently.

Remember that while this guide provides an overview of GDPR compliance, you should always consult with a legal advisor to ensure your specific practices meet all necessary requirements.

If you have any questions please contact us at hi@docuseal.co.