Skip to content

Security

How to keep personal data flows in control for GDPR compliance

Why getting rid of processes prone to human errors are important for GDPR compliance – according to Sofia Bruno, Partner & Senior GDPR expert, Gro Advokatbyrå.

The General Data Protection Regulations, or GDPR, applies to all personally identifiable information and we urge companies to take a look at the processing activities around documents containing personal data, such as contracts.

Processing activities may include any action that you do that document, such as saving, sending, filing, etc.

Some of the activities that are prone to human errors include emailing contracts attached in emails back and forth, creating and managing contracts in “manual” formats such as Word/PDF/paper, or saving a different contract version every time there is a change to the contract on your local computer.

For example, someone can mistakenly email the contract to a wrong recipient. Someone saves the contract in his or her local drive or mailbox and then forgets to remove the older versions of the contract from his or her computer when the contract expires.

Why is this important to GDPR compliance?

As a data controller, you must have control of the personal data flows. You have the responsibility to keep the data flows secured, therefore you must eliminate all risks of human errors to ensure control. One of the biggest GDPR compliance risks is the failure to map data flows. These current practices of managing contracts present massive risks of you losing track of the data flows and control.

What should you do?

Besides overseeing the internal routines and procedures, companies need to provide an alternative way that is not only secure but also easy to adopt. Employees will still need to accomplish their tasks, however, in a GDPR compliant way. The recommended approach to achieve this is for companies to look for a cloud-based solution that fulfills these criteria:

  • The solution is secure and uses approved encryption standard.
  • The solution stores your data within the EU or EEA.
  • The solution eliminates the “attach to email” practice.
  • The solution eliminates the “save to disk” practice.
  • The solution allows you to manage documents within the service itself.

What is the key takeaway?

Many PDF-based e-signing tools out there require you download and upload the contract each time you make an update during the negotiation process. You often have to open the original Word document, make requested changes, save the document as PDF, upload to the electronic signing service. By doing this, you may be unintentionally saving the older versions of the contract on your computer. You may even have to attach the document to your email. These practices, as mentioned earlier, present serious GDPR compliance risks.

So the key takeaway is, if you are still relying on paper or PDF-based e-signing tools, you are not ready for GDPR.

Don’t take our words for it.

Take a look at this 7 minute interview with Sofia Bruno, Partner at Gro Advokatbyrå, where we explore GDPR compliance risks with today’s typical business practices of (1) storing documents containing personally identifiable information locally, (2) uploading/downloading these documents, and (3) sending the documents attached in emails back and forth. Sofia is a senior GDPR and Privacy expert and works with advising clients on these matters daily.PS: You may also want to take a look at Oneflow’s commitment to GDPR compliance.

Explore contract magic!

Prev:

Is contract security one of your concerns?

Next:

The first experience of your prospect can make or break the deal. Here’s why.

Related articles

Contracts

Contract risk management: The benefits and how it works

Contracts

Document archiving: All you need to know

Security

Top 10 best SaaS security practices

Sales

Your ultimate guide to improve your win rate vs close rate

digital contracts in sales
Sales

Integrating e-signatures your CRM system: Benefits and best practices

Sales

What are indirect sales? Your quick guide

Sales

What is a sales pipeline? A complete guide

Contracts

What is contract performance management? A handy guide