Skip to main content

Privacy and the GDPR

DocuSign helps accelerate business by simplifying and modernising the way in which agreements are prepared, signed, and managed. At the same time, DocuSign is committed to protecting the personal data of our customers, employees, and business partners, including vendors, from unauthorised disclosure or use. Check out the resources below to learn about DocuSign’s approach to privacy, the General Data Protection Regulation (GDPR), and how DocuSign can help with GDPR-compliant processes.

Read our Privacy Policy

About the GDPR

What is the GDPR?

The GDPR expands the privacy rights of European individuals and places new requirements on all organisations that collect, store, transfer or use the personal data of these individuals. From May 25, 2018 onward all companies processing and holding the personal data of individuals residing in the EU must comply with the GDPR, regardless of company location. Learn more about GDPR basics.

The GDPR and DocuSign

DocuSign is actively monitoring regulator guidance and interpretations of key GDPR requirements and has made important strides in data protection, many of which are applicable to the GDPR. As an organisation focused on trust and careful handling of customer documents, DocuSign has developed a strong compliance culture and robust security safeguards, which are reflected in its ISO 27001 certification and its approved Binding Corporate Rules (BCR). Read more about DocuSign’s structured commitment to GDPR preparation. Find detailed answers to questions around DocuSign’s approach to data residency, data retention, and more on our Trust Center.

Binding Corporate Rules

DocuSign received approval from the European Data Protection Authorities of its Binding Corporate Rules (BCR), widely considered the ‘gold standard’ for legal transfers of personal data outside the EU, as both a data processor and as a data controller (DPA) on March 16th, 2018. Learn more about DocuSign’s Binding Corporate Rules.

How can DocuSign help customers with the GDPR?

The DocuSign eSignature solution can benefit companies that are developing compliant processes for the GDPR, including key use cases such as consent, procurement, privacy impact assessments, and breach notification.

Key Benefits

Audit trail: DocuSign’s time-stamped, tamper-evident electronic audit trail will automatically track consent activity, privacy policy updates, breach notification, and other GDPR required customer interactions. DocuSign’s court admissible Certificate of Completion provides proof to confirm the validity of your transactions.

Bulk Send: Save time when sending the same document to large numbers of users. Import a list of recipients and send one document to everyone on the list at once.

Reduce set up time: DocuSign templates allow you to define recipient roles and workflow, as well as add text and check boxes to collect information from the signer to automate GDPR processes.

Automate workflows: Powerforms let you generate on-demand, self-service documents for signature helping eliminate document preparation time and easily pull the data you collect into existing applications.

More on the GDPR

See our compilation of GDPR best practices here.