
A lightning guide to Personal Data & GDPR

Every contract you send contains personal data, and under GDPR that comes with real responsibilities. Here's what you need to know.

Updated this week

When you send a contract, you're handling personal data: names, email addresses, signatures, and more. That means GDPR applies to you. GDPR (General Data Protection Regulation) is a European privacy law that sets out how personal data must be collected, stored, and used. It applies to any organisation that processes the personal data of people in the EU or EEA, regardless of where the organisation itself is based.

The good news: you don't need to be a legal expert to get this right. GDPR is mostly about being thoughtful and transparent. This guide walks you through the essentials so you can use Connie with confidence.

What is personal data?

Personal data is any information that can identify a person, directly or indirectly. If someone could look at it and reasonably figure out who it's about, it counts. Examples:

  • Identity details: name, date of birth, photo

  • Contact info: phone number, email, home or work address

  • Financial data: bank account or payment details

  • Media: photos, video, or audio recordings

  • Digital identifiers: IP address, location data, cookies

When to be extra careful

Personal data shows up constantly in contract workflows. Here are the moments that deserve a second thought:

  • Sending contracts: contracts often include names, signatures, and contact details. Think about who needs access before you share.

  • Sharing documents: check that only the right people have view or edit permissions.

  • Storing data: don't keep personal data longer than needed. Use Connie's built-in Expiration Date feature where possible.

  • Using external tools: any service you use should be GDPR-compliant and listed in your privacy policy. Connie is GDPR-compliant; check our Trust Center.

  • Handling requests: people have the right to ask for a copy of their data, or for it to be deleted. Have a process ready.

Your legal responsibilities (GDPR)

When you collect or process personal data in the EU, you are legally required to handle it in line with the General Data Protection Regulation (GDPR). This means you must:

  • Collect data only for a clear and lawful purpose.

  • Keep it accurate and up to date.

  • Store it securely and protect it from misuse.

  • Delete it when it’s no longer needed.

  • Be transparent by telling people how you use their data (e.g. in your privacy policy).

The rights of individuals

Under GDPR, the person whose data you collect (often called the data subject) has specific rights. These include the right to:

  • Access their data (request a copy).

  • Correct their data if it’s wrong.

  • Delete their data (“the right to be forgotten”).

  • Restrict or object to certain uses of their data.

  • Move their data to another provider (data portability).

You need to have processes in place to respond if someone exercises these rights.

Why it matters

Handling personal data responsibly builds trust with your clients and partners, keeps you on the right side of GDPR, and protects you if something goes wrong. It's less about compliance paperwork and more about treating people's information the way you'd want yours treated.

💡 Tip: You can read more about adding Connie to your privacy policy in this guide.

Disclaimer
Connie is not a law firm, and this information is provided for general guidance only. It does not constitute legal advice. You should consult with a qualified legal professional to ensure your Privacy Policy and contracts meet your specific legal and regulatory requirements.
