GDPR compliance at Scrive

Scrive is the European provider of eSigning and eID solutions. As such, we take pride in ensuring compliance with European data protection legislation such as the GDPR. We work with GDPR compliance in several different ways, such as:

• We have a dedicated DPO and a Legal team which are involved and consulted on an early stage before any changes to data processing takes place.
  
  

• We have implemented a Privacy by Design mindset with focus on product development.
  
  

• We hold regular training sessions for our employees on GDPR compliance.
  
  

• We have implemented relevant policies such as a Data Protection Policy, an Information Security Policy, a Data Retention Policy, a Sourcing Policy etc.
  
  

• We are ISO 27001 certified and are subject to yearly audits.
  
  

• Before we make any changes to our services, we make sure that these comply with the commitments that we have made towards our customers in customer data processing agreements.
  
  

• We have clear procedures on how to assess and approve new suppliers (including new sub-processors).
  
  

• We offer our services on two different platforms (Scrive’s standard platform and Scrive EC), based on our customers’ individual needs and assessments. One is hosted on AWS infrastructure and the other is hosted by Swedish provider Cleura. Reach out to your contact at Scrive or our Sales team if you want to learn more about Scrive EC.
  
  

Did you find this guide helpful?