GDPR compliance at Scrive
The General Data Protection Regulation (GDPR) is a key piece of legislation from the European Union. It ensures strong privacy protection for Europeans, but it also pushes for better privacy practices around the world.
Scrive is the European provider of electronic signing and eID solutions. As such, we take pride in ensuring compliance with European data protection legislation such as the GDPR.
We work with GDPR compliance in several different ways, such as:
We have a dedicated DPO and a Legal team that are involved and consulted at an early stage, before any changes to data processing take place.
We have implemented a Privacy by Design mindset with a focus on product development.
We hold regular training sessions for our employees on GDPR compliance.
We have implemented relevant policies, such as a Data Protection Policy, an Information Security Policy, a Data Retention Policy, a Sourcing Policy, etc.
We are ISO 27001 certified and are subject to yearly audits.
Before we make any changes to our services, we make sure that these comply with the commitments that we have made towards our customers in customer data processing agreements.
We have clear procedures on how to assess and approve new suppliers (including new sub-processors).
We offer our services on two different platforms (Scrive’s standard platform and Scrive EC), based on our customers’ individual needs and assessments. One is hosted on AWS infrastructure and the other is hosted by Swedish provider Cleura.