Skip to main content

GDPR

GDPR-proof file sharing

Whoever shares business documents processes personal data. The GDPR sets requirements for that. This is what needs to be in order, and how codocs covers each point.

What the GDPR requires for file sharing

Know where your data lives

Files are stored encrypted on European servers. No transfer outside the EU as part of the service, so no puzzling with transfer mechanisms.

Data processing agreement (art. 28)

If you use codocs for client data, a data processing agreement belongs with that. It is ready, including the sub-processor list; request it via hello@codocs.nl.

Data minimisation (art. 5)

codocs only asks for an email address. No date of birth, no phone number, even your first name is optional. Cookieless statistics.

Control and limit access

Two-step verification by default, share links with password and expiry date, and every link can be revoked instantly. Access stops when you want it to.

Accountability: demonstrate, not claim

The audit log records every upload, download and share with a timestamp. Processing register and breach procedure are documented and available on request.

Keep no longer than necessary

Expiry dates on shares and deletion whenever you want. Deleted files are permanently erased after the recovery window, including from backups after the retention period.

Data breaches: procedure and duty to report (art. 33)

A breach procedure is in place with assessment steps and reporting deadlines towards the supervisory authority and data subjects.

Data subject rights (art. 15-20)

Users export their own data from their profile and can fully delete their account including files. No support ticket needed.

Why the default route is a struggle

Free American sharing services are hard to justify under the GDPR: data outside the EU, no tailored processing agreement, no view of who downloads what, and terms paid for with data collection. Not forbidden, but a lot of explaining towards clients and the regulator. A European service with its paperwork in order is the shorter route.

Quick self-check

  • Is your shared data stored within the EU?
  • Do you have a data processing agreement with your sharing service?
  • Can you revoke a shared link when things go wrong?
  • Can you prove who downloaded a document?
  • Do your share links expire automatically?
  • Do you know what to do in case of a data breach?

Six times yes? You are in good shape. Doubt about any of the six: that is exactly what codocs solves.