What matters about GDPR?

Published Date: 16 September 2019

Consumers are taking over control

As frustrating as it may be to get privacy policy updates, notices of attention and pop up windows asking for your consent whenever entering a new page on the web – it comes with a purpose! 

It is more than a year ago since the EU General Data Protection Regulation, or widely known as GDPR, came in force. Going forward with solely explicit data, and out with the implied data that many have relied on since the dawn of the internet.


“¡Dios Mio! Mon Dieu and Vorherre Bevars – that’s complicated!” 

It is complicated, and it does take time to dive into but on the flipside it serves to protect the personal data of anyone. Meaning that if you deal with data within Europe, then you must be aligned with GDPR regulations, wherever you operate from. Giving the power back to consumers and keeping companies on their toes.


Companies general reactions

Most companies that collect and process personal information for people living in the EU, seem to have adapted. Acquiring new systems and processes to ensure that individuals understand what data is collected about them and if it is inaccurate then it can be changed, moved somewhere else or deleted by their choice. So in many ways the GDPR represents a profound change for many organisations. While there were concerns about the implementation, some companies recognized the opportunities that followed with. 


Recognizing it and implementing it

At Penneo, we have heartilly embedded it in our operational systems, embraced GDPR and today our starting point for everything we do is to acknowledge our responsibility to protect our customers’ privacy.

There are several ways of achieving and providing our customers safe solutions. 

  1. IT security is a priority, as a proof of this, we are certified for compliance with the  ISAE-3000 issued by KPMG.
  2. Penneo offers compliant ways of automation, managing and digital solutions to all signers in real-time. Meaning that each newly generated digital signature will be time-stamped by a time-stamping authority so that the trusted time of signature generation can be identified. 
  3. An online trusted time-stamping authority is a typical approach to maintain the validity of a digital signing process.
  4. Penneo also supports national digital certificate-based signatures with Norwegian BankID, Swedish BankID and Danish NemID and comply with the regulation requirements on Advanced Electronic Signatures in Denmark and Sweden, and on Qualified Electronic Signatures in Norway. 


Wrapping up

It is now a year ago that GDPR was implemented and one thing that Penneo is proud of is that whenever there’s a big shift in policy, be it in international policy or at a local organisational level, look at the driving reason behind the change and understanding that reason is key to making the most out of new opportunities. 

We suggest clearly signalizing and communicating to your customers and shareholders, the procedures being implemented for compliance and the purpose of these procedures. Not only does this show transparency about security measures taken to be compliant but is also builds a deep trust and attract & retain customers.