Skip to main content
Security & Compliance

General Data Protection Regulation (GDPR)

Files.com complies with the General Data Protection Regulation (GDPR) and provides the tools, controls, and contractual agreements that customers handling EU personal data need to meet their own obligations.

What Is GDPR?

The General Data Protection Regulation (GDPR) is a data privacy law enacted by the European Union (EU) that went into effect on May 25, 2018. It governs how organizations collect, process, store, and transfer personal data of individuals located in the EU, regardless of where the organization itself is based.

GDPR introduced strict requirements around:

  • Data subject rights (e.g., right to access, rectify, erase, or port personal data)
  • Lawful bases for processing data
  • Data minimization and retention policies
  • Transparency and accountability
  • Security of processing
  • Restrictions on international data transfers

Organizations that handle the personal data of EU residents must maintain adequate data protection controls, whether they act as a Data Controller or a Data Processor.

Files.com as a Data Processor

Files.com typically acts as a Data Processor under GDPR, processing data on behalf of customers who are the Data Controllers. We provide tools and controls customers use to fulfill their GDPR obligations.

GDPR-related capabilities in Files.com include:

  • Role-based access control and user provisioning
  • Activity logging and audit trails
  • Configurable data retention and file expiration policies
  • Encryption in transit and at rest
  • Regional storage options, including the ability to store data in the EU
  • Support for customer-initiated deletion or export of user data

Data Protection Agreement (DPA)

Files.com offers a pre-written, pre-approved Data Protection Agreement (DPA) that incorporates GDPR-compliant language and outlines our responsibilities as a Data Processor.

This DPA covers:

  • Subprocessor disclosures
  • Data breach notification obligations
  • Data subject request support
  • Data transfer safeguards (including Standard Contractual Clauses, where applicable)
  • Technical and organizational security measures

We will execute this DPA for any customer requiring it under GDPR. To request our DPA, contact your Account Executive or our customer support team.

Data Storage and International Transfers

Files.com offers customers the ability to store files and metadata in EU-based storage regions to support GDPR's requirements around data residency and cross-border data transfer.

For international transfers of personal data from the EU to the United States, Files.com relies on Standard Contractual Clauses (SCCs) as a recognized legal mechanism to safeguard data in compliance with GDPR requirements.

Shared Responsibility

GDPR compliance using Files.com is a shared responsibility. Files.com provides the platform, tools, and legal agreements that support GDPR requirements. You are responsible for how you collect, use, and manage personal data on the platform, and for confirming that your usage aligns with the principles of GDPR.

We recommend working with your organization's legal counsel or data protection officer to determine how Files.com fits into your overall GDPR compliance program.