GDPR
General Data Protection Regulation
On May 25, 2018, the General Data Protection Regulation (“GDPR”) went into effect, establishing a unified framework for the processing and handling of personal data of individuals residing within the European Union. “Personal data” can include names, IP addresses, images, email addresses, or any other data that can be used to identify a person. The GDPR’s reach is intended to apply to organizations located within the EU as well as organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, people within the EU.
Files.com is committed to GDPR compliance, and we are happy to offer a Data Processing Addendum (DPA). If you require a signed Data Processing Addendum, contact our support team to obtain a copy for review and signature.
The GDPR and Files.com
In addition to world-class security, Files.com offers the ability to choose where your data is stored. Current locations include USA, Virginia; Australia, Sydney; Canada, Toronto; UK, London; EU - Germany, Frankfurt; Japan, Tokyo; and Singapore.
Files.com also provides customers the flexibility to manage their data from around the world, allowing quick responses to Right to be Forgotten and other requests from data subjects.
Data Processing Addendum
Customers that are storing or transferring data on Files.com that is covered under GDPR will need to sign our DPA. Contact support to obtain the Files.com DPA.
Sub-Processor
To enable the Files.com service, we engage Amazon Web Service (AWS) as a sub-processor. AWS meets our rigorous security and confidentiality standards, which we would require from any future sub-processors. We will notify customers who have signed a Data Processing Addendum of any changes to our sub-processors.
Records of Processing Activity
Whether or not you need to document records of processing activities associated with personal data stored within or transferred through the Files.com platform is a determination you should make with the assistance of legal counsel.
Files.com is not in a position to know what data you are storing in the platform. This understanding and proper data governance is the responsibility of the customer. Please refer to the Files.com Shared Responsibility Model for more information. Please review our comprehensive Compliance and Security page and our detailed Privacy Policy for more information.
Files.com Features Useful for GDPR Compliance
We’ve built tools into the platform that allow you to customize data retention on a per-folder basis, allowing you to automate the data retention timelines you’ve set in your privacy policy.
Our encryption in transit and encryption at rest serve as a technical safeguard when storing personal information.