Skip to main content

General Data Protection Regulation (GDPR)

Files.com is committed to protecting the privacy and security of our customers' data and complies with the General Data Protection Regulation (GDPR).

What Is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data privacy law enacted by the European Union (EU) that went into effect on May 25, 2018. It governs how organizations collect, process, store, and transfer personal data of individuals located in the EU, regardless of where the organization itself is based.

GDPR introduced strict requirements around:

  • Data subject rights (e.g., right to access, rectify, erase, or port personal data)
  • Lawful bases for processing data
  • Data minimization and retention policies
  • Transparency and accountability
  • Security of processing
  • Restrictions on international data transfers

Organizations that handle the personal data of EU residents are required to ensure adequate data protection controls, whether they act as a Data Controller or a Data Processor.

Files.com as a Data Processor

In the context of GDPR, Files.com typically acts as a Data Processor, processing data on behalf of customers who are the Data Controllers. We provide tools and controls to help customers fulfill their GDPR obligations.

Examples of GDPR-related capabilities in Files.com include:

  • Role-based access control and user provisioning
  • Activity logging and audit trails
  • Configurable data retention and file expiration policies
  • Secure encryption in transit and at rest
  • Regional storage options, including the ability to store data in the EU
  • Support for customer-initiated deletion or export of user data

Data Protection Agreement (DPA)

Files.com offers a pre-written, pre-approved Data Protection Agreement (DPA) that incorporates GDPR-compliant language and outlines our responsibilities as a Data Processor.

This DPA covers:

  • Subprocessor disclosures
  • Data breach notification obligations
  • Data subject request support
  • Data transfer safeguards (including Standard Contractual Clauses, where applicable)
  • Technical and organizational security measures

We will execute this DPA for any customer requiring it under GDPR.

To request our DPA, please contact your Account Executive or our customer support team.

Data Storage and International Transfers

Files.com offers customers the ability to store files and metadata in EU-based storage regions to support GDPR’s requirements around data residency and cross-border data transfer.

For international transfers of personal data from the EU to the United States, Files.com relies on Standard Contractual Clauses (SCCs) as a recognized legal mechanism to safeguard data in compliance with GDPR requirements.

Final Note: Shared Responsibility

As with all compliance frameworks, GDPR compliance is a shared responsibility.

  • Files.com provides the platform, tools, and legal agreements necessary to support GDPR requirements.
  • Customers are responsible for how they collect, use, and manage personal data on the platform, and for ensuring that their usage aligns with the principles of GDPR.

We strongly recommend consulting your organization’s legal counsel or data protection officer to determine how Files.com fits into your overall GDPR compliance program.

Get Instant Access to Files.com

The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.