Building upon the core principles of the EU Data Protection Directive (Directive 95/46/EC), the GDPR places a significant new emphasis on accountability and a requirement for auditable consents. Though non-compliance is punishable by notable fines, obtaining consent should be considered not a measure to avoid penalty but an opportunity to build trust and better relationships with customers.
The problem for a lot of businesses is that their legacy systems usually don’t document the level of data required to prove that a valid, unambiguous consent or contractual acceptance was obtained. Manual processes and paper plague the most common transactions and introduce friction in the moments that matter most to their business.
Third-party tools can help businesses obtain valid, verifiable, unambiguous consents from individuals. It’s important to choose the right one to not only comply with the GDPR but to be able to demonstrate that compliance as well.
So, what should you be looking for when choosing a consent solution?
1. International Security Standards
Data protection is the foundation of the GDPR, so the transition requires the help of technology partners who prioritise the privacy and security of their customers’ data, and meet European and international security standards.
Certifications based on comprehensive assessments, audits, and rigorous standards, such as ISO 27001:2013, attest to an information security management system and typically apply across data centres, digital platforms, and operations. Providers should also be able to offer confirmation of information security controls, such as SOC 1 Type 2, which requires a third-party service auditor, and SOC 2 Type 2, which validates that the provider’s technology meets the criteria for security, availability, and confidentiality.
2. Global Operations that Match Global Needs
As the GDPR applies to companies with global operations, a reputable solution will enable businesses to automate and manage entire digital workflows while staying compliant with local and industry standards. To that end, it is advisable that the technology provider has offices and data centres across the world to meet global needs.
DocuSign, for example, offers all of the signature types defined under the eIDAS regulation, including EU Advanced and EU Qualified cloud signatures.
Each business has unique consent requirements, so the solution should have the flexibility to plug into a company’s current environment, either through pre-built integrations with existing software or through custom connections. In the latter case, highly configurable REST and SOAP APIs are necessary to capture, store, and manage consent data.
4. Streamlined User Experience
Robust workflows with easy-to-use document templates will automate the process for businesses sending consent forms. For end users, the solution should have the ability to capture data and a signature simultaneously, anytime, anywhere from any device, so consent can be provided quickly and without hassle.
Consent and the GDPR: An Essential Guide
By ensuring you have the right digital tools in place to manage the process, consent can be made straightforward for all involved. Customers can opt in from their mobile devices, wherever they are, and businesses have an audit trail to demonstrate they’ve taken the appropriate measures in line with the GDPR. Not only do customers know that you are compliant as a business, they can also provide consent without having to sacrifice a simple, user-friendly experience to do so.
Now, Fieldfisher, in association with DocuSign, offers guidance to prepare you for this unprecedented legislation. Read this essential guide to learn the key changes under the GDPR, why compliance is critical, and how digital tools can help businesses obtain consent.