An interview with Kim Stieber (owner of mindtrace Stieber Beratung GbR)
For more than 15 years, mindtrace Stieber Beratung GbR has been supporting clients from the service sector, especially banks and insurance and financial service providers. Kim Stieber is the founder and owner of the company. As an expert in digitalisation and data protection, he answers three fundamental and important questions about data protection when using electronic signatures.
Table of contents
Where are typical GDPR pitfalls in the context of an electronic signature?
“Often, it starts with the fact that there are no regulations regarding the GDPR in the company at all. There is still a lack of basic things in 2021.
Otherwise, the use of an electronic signature is very simple from a data protection point of view. The process must be secure in itself and the customer’s consent must be available in accordance with Art. 6 GDPR.
It should also be noted that for certain operations, data of a special category (cf. Art.9 GDPR) is processed within the scope of the electronic signature. Then, a heightened duty of care applies, but this can be fulfilled as part of the process without putting a strain on the client.”
Otherwise, the use of an electronic signature is very simple from a data protection point of view. The process must be secure in itself and the customer’s consent must be available in accordance with Art. 6 GDPR.
It should also be noted that for certain operations, data of a special category (cf. Art.9 GDPR) is processed within the scope of the electronic signature. Then, a heightened duty of care applies, but this can be fulfilled as part of the process without putting a strain on the client.”
What data protection aspects must be taken into account when selecting an electronic signature solution?
“For the selection, it is always necessary to check what kind of personal data is being processed and by whom it is being processed.
Since the electronic signature per se always processes this type of data, the GDPR must be taken as a basis. The new Federal Data Protection Act (BDSG) should also be examined for its relevance on a case-by-case basis.
Due to the ruling of the ECJ of 16.07.2020 (AZ. C-311/18), many providers from the USA are to be assessed as sub-standard. Although contracts with standard contractual clauses are an exception according to the ECJ, it is questionable whether the signing companies can protect themselves against interference by authorities in the USA, in order to comply with a certain data protection standard for data transfers.
My recommendation is basically to look for a solution in the EU.“
Since the electronic signature per se always processes this type of data, the GDPR must be taken as a basis. The new Federal Data Protection Act (BDSG) should also be examined for its relevance on a case-by-case basis.
Due to the ruling of the ECJ of 16.07.2020 (AZ. C-311/18), many providers from the USA are to be assessed as sub-standard. Although contracts with standard contractual clauses are an exception according to the ECJ, it is questionable whether the signing companies can protect themselves against interference by authorities in the USA, in order to comply with a certain data protection standard for data transfers.
My recommendation is basically to look for a solution in the EU.“
What is two-factor authentication (2FA) and why is it important?
“The topic of two-factor authentication is very comprehensive. Basically, a second factor (SMS, TAN, etc.) serves for greater security when logging in, so that a potential attacker cannot gain access to the data.
Many people are already familiar with 2FA from the banking sector, where it has been mandatory since 2018.
In the context of an electronic signature, I think a 2FA is mandatory for accessing the data, such as customer portals or even accessing the electronic signed documents.”
Many people are already familiar with 2FA from the banking sector, where it has been mandatory since 2018.
In the context of an electronic signature, I think a 2FA is mandatory for accessing the data, such as customer portals or even accessing the electronic signed documents.”
If you have any questions, please feel free to contact us or our data protection expert at mindtrace Stieber Beratung GbR.
About the author
Christina Detling – Online Marketing Manager
Christina has been working at inSign for over four years and is happy to pass on her knowledge of electronic signatures and digitisation.
- Further articles
More on the topic of digital signatures