Employees are going to share files. It’s an essential part of collaboration. For any project involving more than a few people, this is likely to involve a cloud-based file sharing solution. In environments requiring GDPR compliance, that can be a problem. Especially when regulations state how data can be used and where it is stored, and require that you be able to find and delete information when asked.
In EMEA, GDPR is now in effect. And in the US, one of the country’s toughest privacy regulations, the California Consumer Privacy Act of 2018, was voted into law on June 29.
New storage solutions can help you remain in compliance, but first let’s consider the problem.
GDPR Compliance Places New Demands on File Sharing
Users appreciate the simplicity of cloud-based file sharing, but this may come at the cost of IT control. In the cloud, do you know what data is being stored, how it is protected and who has access?
Loosely managed assets can run afoul of regulations that impose requirements to:
- Maintain data within specific physical boundaries
- Control use of personal data
- Delete instances of personal data if requested (aka, “the right to be forgotten”)
When data is shared among users and further replicated across the cloud, control is lost and the potential penalties mount. From IT’s perspective, what’s just as troubling is that your ability to respond to regulatory demands may be lost. When you receive a data subject access request (DSAR), can you quickly find all instances of the information?
The right to be be forgotten requires tight control. You cannot be sure of “forgetting” someone if you cannot locate every instance of their data. A single GDPR compliance lapse can cost the company many thousands of euros.
Solution: Cloud-like File Sharing and On-Prem Storage with Cloudian + SME
Cloudian now offers a simple solution: Cloudian storage plus Storage Made Easy (SME) collaboration software.
The combined solution is cloud-like file sharing software and an on-prem storage system that is under your control… and behind your firewall.
This combines the best of both worlds:
- Ease-of-use: A cloud-like experience for your users makes it easy to adopt and use the service
- Your security framework: The shared data repository receives the same protection as any other file, and the same access controls (VPN, AD, LDAP)
This lets you handle collaboration just as you would manage and monitor any other file service, with the same controls, same firewall, and your preferred data protection method.
Personal Data / Personally Identifiable Information Management
Personal data, or PII, is central to GDPR compliance and data privacy laws. Passport numbers, social security numbers, credit cards, etc, are ideally not being shared, but we’ve seen too many instances of laptop theft resulting in the disclosure of sensitive PII.
The Cloudian/SME solution scans documents for PII, and takes action or sends notification as defined by your policy. Out of the box, it recognizes over 60 forms of PII, and you can add definitions to suit your needs.
Shared Links Include Time Limits and Password Protection
Shared links to files can be password protected and time limited, providing an additional level of control. No more evergreen links that can be widely shared outside of your control.
Easy-to-Use
The solution is as simple to use as any cloud solution. Files can be accessed from Windows, Mac, Linux, IoS and Android platforms. You can view files/folders in Explorer/Finder, as with any storage system, and view within the apps own UI. The included UI adds capabilities as viewing the physical location of the file’s storage system, an important attribute for compliance. And you can see at a glance what personal data is present.
Highly Rated Storage
Best of all, the storage repository is Cloudian Object Storage, the most highly rated object storage system on Gartner Peer Insights. This limitlessly scalable system earned the highest “recommended” level at 96% positive, and the highest rating with 4.8 out of 5 stars. With up to 14 nines data durability and integrated data protection, it’s the ideal foundation for enterprise collaboration.
Find out more about this solution and GDPR compliance at cloudian.com/collaboration.