General Data Protection Regulation (GDPR)

The General Data Protection Regulation (“GDPR”) is a European data protection law that will be enforced as of May 25, 2018.  It aims to update data privacy standards to address the increase in the creation and processing of personal data in today’s technology, including the cloud and social media, with robust accountability. GDPR emphasizes increased transparency and choice for individuals, while requiring organizations that process personal data to be responsible for it.

As an organization focused on trust and careful handling of customer documents, DocuSign has developed a strong compliance culture and stringent security safeguards that are reflected in its ISO 27001 certification. DocuSign’s GDPR compliance efforts will leverage these assets.  DocuSign is actively monitoring regulator guidance and interpretations of key GDPR requirements to inform its efforts, and, like many cloud service providers, is reviewing its data protection program and making adjustments to ensure compliance with the General Data Protection Regulation (“GDPR”) by May 25, 2018.