Digital certificates are computer files that allow the identity of a natural or legal person to be proven, electronically sign digital documents with the same validity as the paper originals, and even encrypt files and certain communications.
In fact, in the case of personal digital certificates, the evolution and substitution of the electronic signature for the biometric signature (fingerprint or facial recognition) is becoming more and more common.
In the business world, there are two types of digital certificates: representative (which allows you to sign with the name, surnames and DNI of a manager or manager) or legal person (company name and NIF).
To guarantee proper management of digital certificates and electronic signatures, we recommend the following aspects to take into account in the workplace:
– That the electronic signatures of the representatives , in which the name, surnames and DNI appear, are used only in those documents or official procedures that require it. Digital certificates must be understood for personal and non-transferable use and, therefore, their use by third parties is prohibited. They may only be used under the direct supervision and express authorization of the person in charge or manager to whom that signature belongs.
– That, for the rest of the operational, financial or tax procedures and for procedures through platforms of entities, administrations or public bodies, the digital certificate of legal person is used exclusively. Since it is issued under a corporate title, that is, the one in which the name of the company and the NIF appear, but no personal data.
– That in both cases the security and privacy measures applicable to the authorization, installation, custody, blocking and expiration of digital certificates must be extreme. In this regard, the IT department must keep a record of their management and control.
– That the persons authorized to use a certain digital certificate in the exercise of their work functions, must undertake not to make a different use for their own benefit and/or that of unauthorized third parties. For this, it is recommended to know the conditions of use that are established in company policies and/or the signature by each authorized user of a responsibility agreement.