Last Thursday, 25 February, Camerfirma and Aledia Legaltech hosted the webinar “Good practices for data protection when using electronic certificates”, in which they discussed the different legal implications of processing such certificates.
Sara Mora, founder of the consultancy firm Aledia Legaltech and an expert in personal data processing, and Raquel García, Key Account Director at AC Camerfirma, who also acted as moderator for the event, focused on giving participants some guidance on how to comply with current regulations and avoid falling victim to digital identity crimes.
Many organisations handle certificates that contain personal data and, therefore, the General Data Protection Regulation is applicable to them. However, there is a general lack of knowledge, something that this event was designed to address. As Sara Mora pointed out, data protection “sometimes isn’t connected with the digital signature, but it is a matter of great importance because it is a document that identifies a natural person and contains their personal data.”
According to the Regulation, any information that identifies a natural person is considered personal data. “If a company’s digital signature identifies a natural person as the legal representative or proxy of a department, or for certain activities, this signature is also within the scope of the GDPR and all measures included therein must be implemented,” says Mora.
In the race towards digitalisation, which has been accelerated by COVID-19, many companies have embarked on a disorganised process, without prior preparation or research into the legal requirements brought about by this new model. “They haven’t had time to reflect on the risks that data entails,” says Sara. In this sense, companies must not only avoid the dangers of a data leak, but also “face fines of up to 20 million euros or 4% of the global business turnover, for non-compliance with regulations”, continues Mora.
In view of this situation, Aledia Legaltech made a few suggestions on good practices in the use of digital certificates, such as using trusted providers when managing a digital certificate. “They should be companies that we know and that guarantee the quality and suitability of the product.”
Minimising risk by signing service-provision contracts with third parties can help companies that are overwhelmed with online procedures to comply with the regulations and avoid financial penalties when they subcontract to other companies. In addition, it is advisable to contract a centralised signature service, both to record the transfer of the certificate to a third party and to reflect the activities that are carried out with that certificate.
Finally, they stressed the importance of including the correct use of certificates in data policies, covering, for instance, who accesses them, where they are stored and what happens in case of loss. “If you don’t have a centralised signature service, you have to specify a single user to access this information from a central computer,” explains Sara Mora. Always having a password and avoiding the storage of certificates on devices such as USBs or hard drives can also help prevent improper use of this personal data.
At the end of the session, participants were able to attend a demo of GoSign, Camerfirma’s digital signature, authentication and storage platform that simplifies both an organisation’s internal and external processes while offering maximum trust and legality.
If you missed it, you can watch the recording of the webinar at this link.