At Signaturit, as a Trust Service Provider, personal data helps us to offer trust services that set us apart from the rest. Our goal is to comply with the legal and technical requirements that help us create a high level of trust with our customers.
It is for that reason that the GDPR, more than a legal obligation, has been an opportunity for us to demonstrate the commitment we have to our clients in the protection of their personal data and the security thereof.
In the following post we address our professional commitment to the principles and values of this new European regulation and how we have dealt with it in order to provide our services with maximum security.
This post is also available in Spanish.
As a result of this new regulation concerning the protection of personal data of all those who are in the European Union (General Data Protection Regulation), and its full entry into force next Friday, May 25, there are some important changes that we want to share with our customers and users.
The General Data Protection Regulation, or GDPR, is a set of requirements designed to give people in Europe greater protection and control of their data.
The requirements apply to all companies, public institutions, non-governmental organizations and self-employed professionals, in any location and industry, that process the personal data of those who are in the EU.
For consumers, the GDPR offers new options regarding their data, adding more rights to those covered under current legislation. Once the Regulation is fully in force, consumers will be able to access, edit, correct, transfer, delete, disable and restrict the processing of their data.
For companies, the GDPR requires measures to protect personal data and to notify the authorities if there is ever a breach of personal data. It also introduces new requirements for the processing of personal data, including clear notification of data collection and type of data usage, and the obligation to maintain data processing records.
At Signaturit this change in regulation was primarily an internal commitment. To that end, we carried out a Data Protection Impact Assessment (DPIA) based on Article 35 of the GDPR, in order to become aware of our possible vulnerabilities.
Furthermore, to improve our internal processes we train staff on the importance of our clients' data, and how it should be processed.
At the same time, we are adopting a global approach to ensure that data is reliable and protected in all our markets. For example, an EU member who logs in while on vacation in India will still have their GDPR rights recognized. To this end, every aspect of our business is involved in the effort to create equipment, systems and processes to ensure compliance.
Specifically, at Signaturit we have taken the following measures to ensure respect for data protection from the origin:
We have appointed a Data Protection Officer.
We have updated our products to obtain the correct consent when it is necessary, and in turn, we have updated our contracts with our clients. As Data Processors, we must ensure compliance with the GDPR in its entirety, but above all due to the trust that has been placed in us.
We have updated our advertising systems to get in touch with those who have requested it.
We have reviewed the documentation requirements necessary to comply with the Regulation.
We have evaluated the impact that our procedures may have on the protection of your personal data.
We are working to make the new consumer data rights under the GDPR easy and accessible for all our members. To this end, on 25 May we will have the various processes in place so that our users can exercise their rights, demonstrating that, from our end, we will always be looking out for those who may want to exercise their GDPR rights.
We are fully committed to security and quality; that's why we have ISO 9001, and we are in the process of obtaining ISO 27001. Our Information Security Management System has become our centre for defining how to operate.
We safeguard the integrity, confidentiality, availability and security of all the information that we process; achieving the ISO 27001 certification was a real milestone for us. In addition, we will pass the conformity assessment in accordance with eIDAS, to be a Reliable Trust Service Provider and to be on the Trusted List of qualified providers of electronic trust services (TSL), and thus again ensure our commitment to customers.
Lastly, as soon as the Spanish Data Protection Agency defines the corresponding audits in accordance with the GDPR, our objective will be to meet all the requirements so that we pass them without problems.