Skip to main content
Certyneo

Electronic signature: GDPR, eIDAS and proof

The essentials of e-signature compliance: the eIDAS framework, GDPR, data hosting and the proof file.

5 min read
eIDAS: the European trust framework

The eIDAS regulation governs electronic signatures across the European Union and gives them legal value. It defines three levels — simple, advanced and qualified — to be chosen according to the document's stakes. An eIDAS-compliant signature is recognised before the courts of member states.

GDPR and data hosting

A document to be signed often contains personal data. GDPR compliance means data hosted in the European Union, encrypted in transit and at rest, controlled access, and a Data Processing Agreement (DPA) between you and your provider. Always check where the data is located and the list of sub-processors.

The proof file, your safety net

With every signature, a proof file is generated: signer identities, timestamps of actions, IP addresses, the document fingerprint and the signature level. It's the exhibit that, in a dispute, shows who signed what, when and how. Keep it with the document, ideally in an evidential vault.