The GDPR deadline is here. Here are our highlights.

Today is the day we GDPR lovers have all been waiting for and in this blog post, we’d like to share with you the highlights of the GDPR – by now you should already know what it stands for – by Team Oneflow.

Send GDPR contracts in bulk for e-signatures.

We have seen many customers who have “sent in bulk” their GDPR contracts, such as data processor agreements, for e-signatures. The process often consists of thousands of GDPR contracts at a time.

Without automation and e-signatures, customers would have needed to send each contract via regular email and to physically manage the signed documents. The process would have taken much longer time. Not to mention the laborious (and boring) effort to follow up on the status of each contract in order to get them, sometimes by multiple signers, signed on time.

Traditional e-signing vendor + GDPR = False.

Sofia Bruno, Partner at Gro Advokatbyrå is a senior GDPR and Privacy expert. In this 7 minute video, we had a chat about GDPR and how it affects contract management.

Many PDF-based e-signing tools out there require you download and upload the contract each time you make an update during the negotiation process. You often have to open the original Word document, make requested changes, save the document as PDF, upload to the e-signing service. By doing this, you may be unintentionally saving the older versions of the contract on your computer. You may even have to attach the document to your email. These practices present serious GDPR compliance risks.

More details about “How to control personal data flows related to contracts” in this blog post here.

Is email generally bad from the GDPR perspective?

The answer is yes, email is generally bad from the GDPR perspective. It doesn’t mean that we are not allowed to email anymore, but we need to watch out for content that contains personal data such as contracts and salary statements.

The GDPR is all about knowing and being able to inform all processing activities of personal data to the rightful owners. Because email can be easily accessed by others, unintentionally stored in local drive, lost track of, sent to unintended recipients; it doesn’t give the control that you – as a data controller – require for compliance with the GDPR.

So with that said, if you are still sending and receiving contracts back and forth, perhaps it’s time that you take a look at the alternative way of doing it?

Phone calls and the GDPR.

Making cold calls, like sending emails, is a data processing activity of personal data – in this case, the phone number – so you will have to inform about where and how you will be using the data for.

It would be silly, to say the least, to read out loud the privacy notice during the phone call, so how do you go about fulfilling your obligation without boring your caller? An idea could be to an option to your automated phone menus that guide people to review your privacy notice on your website. In any case, always make sure that you are making the calls based on a legitimate interest.

A large majority of our friends thought the GDPR was a bore.

Three weeks prior to the GDPR deadline, we did a fun little GDPR survey on LinkedIn. We thought it was important to get everyone engaged with the GDPR compliance work and in order to do that, we asked this question:

Which emoji best describes your feeling about the GDPR?

Sadly we did not get many responses and the results are certainly not statistically significant, but we did get some responses and here’s what our friends thought.

Well, it turns out that a large majority of our friends thought the GDPR was a bore, while others thought it was awesome that finally, our personal data is protected. Some were frustrated because there were many unanswered questions but so little time left. We are happy to see that nobody felt panicky, as there is no need to do so.

As for us, we think it’s awesome that the GDPR day has finally arrived. What a great excuse to start fresh and do it right.

And that sums up our highlights of the GDPR today. Thank you for reading.

How do you feel about the GDPR? We’d love to hear it.