✓ We have a dedicated DPO and a Legal team which are involved and consulted on an early stage before any changes to data processing takes place.
GDPR Compliance
The General Data Protection Regulation (GDPR) is a key legislation from the European Union. It ensures strong privacy protection for Europeans, but it also pushes better privacy best practices around the world. Since it came into force in 2018, supervisory authorities have increased scrutiny and issued substantial fines for non-compliance.
GDPR compliance at Scrive
Scrive is a European provider of eSigning and eID solutions. As such, we take pride in ensuring compliance with European data protection legislation such as the GDPR. We work with GDPR compliance in several different ways, such as:
✓ We have implemented relevant policies such as a Data Protection Policy, an Information Security Policy, a Data Retention Policy, a Sourcing Policy etc.
✓ Before we make any changes to our services, we make sure that these comply with the commitments that we have made towards our customers in our customer data processing agreements.
✓ We offer our services on two different platforms (Scrive’s standard platform and Scrive EC), based on our customers’ individual needs and assessments. The standard platform is hosted on AWS’ infrastructure in the EU and Scrive EC is hosted on the Swedish hosting provider Cleura’s infrastructure in the EU.
✓ We have implemented a Privacy by Design mindset with focus on compliant product development.
✓ We hold regular training sessions for our employees on GDPR compliance.
✓ We have clear procedures on how to assess and approve new suppliers (including new sub-processors).
✓ We are ISO 27001 certified and are subject to yearly audits.
European provider, European services
Since the Schrems II ruling in 2020, an increased focus has been placed on third-country transfers of personal data. Scrive is a fully European company and only makes use of European hosting for our services. In addition, we have ensured additional security measures to minimise the risks for indirect third-country transfers. As believers in choice, we are also offering our services on two different platforms, which makes it possible for our customers to make an informed decision based on its individual needs and risk assessments.
In July 2023, the Data Privacy Framework came into effect, making it substantially easier to transfer personal data to the United States. Scrive will however continue to invest in European solutions for the European market. Meaning that with Scrive, you will be ready from day one, should there come a Schrems III ruling.
General overview of Scrive and its competitors in the eSigning market*
| Scrive EC | Scrive’s standard platform | Typical EU competitor | Typical US competitor | |
|---|---|---|---|---|
| European provider (Parent company) | ✓ | ✓ | ✓ | ❌ |
| European hosting | ✓ | ✓ | ✓ | ❌/✓ |
| European hosting provider (contract party) | ✓ | ✓ | ✓ | ❌ |
| European parent company of hosting provider | ✓ | ❌ | ❌ | ❌ |
* This schedule only aims to give a general overview. Deviations may apply to specific competitors.