DocuSeal is an eSignature service that facilitates electronic signatures on behalf of a “Signature Requestor” (i.e. your company). The Signature Requestor (which can include affiliates and subsidiaries) sends documents requesting electronic signatures. It is crucial for a Signature Requestor to understand when GDPR compliance is necessary and to ensure that signatory data is managed with the utmost care in those situations. This guide will help you create documents to request signatures that adhere to GDPR guidelines.
The General Data Protection Regulation (GDPR) is a European law regulating the processing of personal data of individuals located in the European Economic Area (EEA GDPR) and the United Kingdom (UK GDPR). If your business collects, uses, transfers, stores or otherwise processes personal data of individuals in these regions, compliance with GDPR is mandatory.
If your business operates outside Europe but collects data from individuals within the EEA and the UK, you may still need to comply with GDPR.
While personal use or small businesses might be exempt from certain requirements, it is always recommended to consult with a legal expert to fully understand your obligations.
You need to ensure that the service you are using to send documents is GDPR compliant. DocuSeal has taken the necessary steps to ensure it is GDPR compliant, such as hosting our docuseal.eu customers’ data in the EU. Alternatively, we offer a self-hosted option so that you can fully control where your data is hosted. You can learn more about DocuSeal and GDPR compliance here.
When sending documents that collect personal information (e.g. name, email, phone number) and signatures, ensure that you collect consent appropriately as explained below.
Collecting explicit consent from signatories is a critical requirement for GDPR compliance. Consent must be freely given, specific, informed and unambiguous.
| Software | Use | Location | GDPR Compliance |
|---|---|---|---|
| DocuSeal, LLC | eSignature | US | https://www.docuseal.co/privacy/gdpr |
Under GDPR, signatories have the right to access their personal data or request its deletion. Inform signatories of these rights and provide an easy method for them to make such requests. This could be as simple as providing an email address for data access or deletion requests.
DocuSeal allows you to delete individual documents and associated data permanently.
Remember, while this guide provides an overview of GDPR compliance, always consult with a legal advisor to ensure your specific practices meet all necessary requirements.
If you have any questions, please contact us at hi@docuseal.co.