GDPR: Our Plans

When you write ‘GDPR’ in a blog title, you know your readership will be low. If you keep reading this you will almost certainly have some responsibility for GDPR within your own company and this article is for you.

This is an outline for current and potential customers on our plan to meet the upcoming GDPR compliance regulations on personal data. As we move through these plans we will update the blog on our progress. Learn more about Legalesign's eSignature GDPR feature set.

Legalesign is already ISO27001 certified for data security and so many data protection systems are already in place. At its core, the ISO is a framework for continuous monitoring and improvement. GDPR principles will be built into that framework to ensure our ongoing commitment and compliance.

Legalesign is both a data ‘controller’ and a ‘processor’ within the definition of the Regulation. We are a ‘controller’ in terms of the personal data we store for ourselves, and a ‘processor’ for our customers, in respect of any personal information they store about their own customers.

As a controller, we have just completed our information assessment and audit. This has identified the actions we must take to meet compliance. We will be making those changes throughout February and March, and we anticipate being fully compliant in good time by April.

As a processor, we have a responsibility to ensure that our customers’ meet their own GDPR obligations. This month we have undertaken the information audit. This audit identifies all our information assets and data flows and where we may need to make changes. This is now complete and we are spending the remainder of the month putting together a proposed set of features to meet the regulations.

We intend to circulate that to customers for consultation in February. The consultation will conclude at the end of that month and we will get to work on making the necessary changes in March and early April. We will then come back to customers and ask them to review the procedures. This leaves us a full month in anticipation of any final tweaks, so we can expect to meet the deadline of 25th May when the Regulations become enforceable.

If you have any queries please contact us. Otherwise please watch this blog, or follow our social media feeds for updates on progress.