We are looking for a secure alternative solution to IRIS OpenSpace for requesting client approvals/signatures. We are dismayed with their pricing and customer service.
There are a number of applications available to obtain client signatures via email such as docusign, hellosign etc. As far as I understand, these rely on you uploading a document into the application which is then sent via encrypted email for signing.
We don’t want to go down the route of adding passwords to every document we send because it is not efficient. So is the fact that the application encrypts the email sufficient from a GDPR perspective? The document itself is not password protected, so if the email account has been hacked, the document could be read by the hacker.
Iris OpenSpace is more of a document sharing facility where the client can login and access documents or approve within the portal. On the face of it, that seems more secure, but actually if that client’s email account has been hacked and you send an email to tell them to login to OpenSpace and view/approve a document, I assume all the hacker has to do is reset the login password for OpenSpace and receive the password reset link via the email account, and Hey Presto!
So on the face of it, both options are not 100% secure.
I see many other accountants commenting about using the various e-sign offerings. I’m just confused how GDPR impacts on it.