Electronic signature: GDPR, eIDAS and proof
The essentials of e-signature compliance: the eIDAS framework, GDPR, data hosting and the proof file.
The eIDAS regulation governs electronic signatures across the European Union and gives them legal value. It defines three levels — simple, advanced and qualified — to be chosen according to the document's stakes. An eIDAS-compliant signature is recognised before the courts of member states.
GDPR and data hostingA document to be signed often contains personal data. GDPR compliance means data hosted in the European Union, encrypted in transit and at rest, controlled access, and a Data Processing Agreement (DPA) between you and your provider. Always check where the data is located and the list of sub-processors.
The proof file, your safety netWith every signature, a proof file is generated: signer identities, timestamps of actions, IP addresses, the document fingerprint and the signature level. It's the exhibit that, in a dispute, shows who signed what, when and how. Keep it with the document, ideally in an evidential vault.