GDPR and Doing File Sharing Responsibly

In a world now obliged by European GDPR laws, have you considered privacy when it comes to the use of filesharing apps like Dropbox or WeTransfer?

There’s no doubt that file sharing apps are the easiest way to keep working when you hit a pesky email quota or a corporate firewall, but can you assure your customers that their data is safe?

GDPR now places requirements on a lot of businesses globally. You need to be in control of any customer data you hold. You need to know where it is, who has access and how it’s used, and you also need to provide the ability for people to review their data and delete it under certain circumstances.

How would you go about ensuring that a file sharing site like Dropbox or WeTransfer, with data centres all around the world, actually has the ability to locate all copies of your shared client data and remove it? They may be able to remove it from their live systems, but what about the backup from two weeks ago?

This is just one of many reasons why it’s a bad idea to store, share or transmit personal data on a public file sharing system.


When you share a link from Dropbox (or any site on a public cloud) by email, every person who has access to that link can see the file you shared.

If your email is intercepted or forwarded, you have no control over who can see that file, whether it is downloaded, or who it is sent to after that.

You’ve lost control.

Even if you are careful, what about your employees? Are they going to tell you they’ve just broken your internal policy to get that file to a third party and finalise the deal? Have they put any rigour into how that file should be treated after the information has been used?

When your employees are in control of your data, this is a huge liability for you, even if you trust them to do the right thing, respect your company policies and be particularly security conscious.

Not having control can cost you, big time.

If you handle any data from a European entity, you must know and choose where your data is stored. Any company handling personally identifiable data is required to be GDPR compliant. If there is any incident, a company can be fined 20 million euros or 4% of a company’s annual revenue – whichever is greater. Ouch.


When it comes to storing data, choosing a company based on its location is not enough. The location of the servers matters more. In some countries, governments can get access to all data held on servers inside the country. You need to have confidence that wherever your data is physically located, it will not be accessed by foreign governments. If you don’t get a handle on this you will be breaking compliance rules without even knowing it, and big fines will follow.

Currently in many countries around the world, organisations tend to store their data with a handful of large companies.

This means that customer data – the stuff you are charged with protecting – could be stored on a few servers, of a few companies.

These companies are big targets for hackers, and an attack on them has a big impact: every person or company who relies on them to keep their data accessible and safe is compromised.

Even though these companies likely have the biggest and best security teams patrolling their servers and network, the risk is always larger because their sheer size and reputation make them a juicy target for malicious attacks.


The efforts of hackers are not going unnoticed. You only need to look at the news to hear about how large companies have been targeted by hackers. Recently British Airways, Facebook and even Cathay Pacific have been in the news for hacking events.

Every server can be hacked, whether it’s by malicious people using vulnerabilities to get access to a system, or through phishing emails sent to your employees.

The thing is, when you are hacked, you need to know about it as quickly as possible so that you can take action, limit potential damage and meet your reporting obligations under GDPR.

Historically, big companies haven’t been that great at warning customers after a hack, preferring to keep the hack concealed rather than lose face in front of their customers.

In reality, the only way to be 100% certain that your data is safe, is to be able to monitor the data yourself.


So if you can’t use the big guys to store and share your data, is private cloud the answer? Recently a lot of movement has been happening in the private cloud space, using secure open-source software.

Recently Nextcloud started to solve this problem. Nextcloud is highly secure open source software that emulates Dropbox – except that all the data is stored on your own server.

Private clouds are essentially data stores that are in your control.

So by setting up a Nextcloud server through your hosting company, you can be assured that it is secured by your own protections. By self-hosting, you can make your installation more secure than a publicly hosted one, because you can limit access to a range of known IP addresses. If you don’t have an IP address from within the organization you won’t be able to get in. The German Federal Government’s Bundescloud runs on a Nextcloud server, 100% firewalled from the internet.
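One way to enforce the IP restriction described above is at the reverse proxy in front of Nextcloud. This is an added example, not Asporea’s or Nextcloud’s own configuration; it assumes nginx terminates TLS in front of a Nextcloud backend on the same host, and the hostname, certificate paths and address ranges are placeholders.

```nginx
# Added example (not from the original post): nginx vhost that only lets
# known address ranges reach a self-hosted Nextcloud.
server {
    listen 443 ssl;
    server_name cloud.example.com;                              # placeholder hostname
    ssl_certificate     /etc/ssl/certs/cloud.example.com.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/private/cloud.example.com.key; # placeholder path

    # If a load balancer sits in front of nginx, take the real client address
    # from its header; otherwise every request looks like it came from the
    # balancer and the allow list below becomes meaningless.
    set_real_ip_from 192.0.2.10;            # placeholder: the load balancer
    real_ip_header   X-Forwarded-For;

    # Allow list: office range and VPN range (placeholder RFC 5737 / RFC 1918
    # addresses). Everything else is refused with 403 before it reaches Nextcloud.
    allow 203.0.113.0/24;
    allow 10.8.0.0/24;
    deny  all;

    location / {
        proxy_pass http://127.0.0.1:8080;   # placeholder: Nextcloud backend
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Nextcloud also needs the proxy listed under `trusted_proxies` in its config.php so that its own logs and brute-force protection see the real client address rather than the proxy’s.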

Nextcloud is more than just file sharing. Because it’s hosted privately, you can add more apps and create an eco-system around your files – strengthening the bond between your employees and Nextcloud while putting the tools your employees need in their hands.

Everything from open source office applications, to mind mapping tools and even note sharing tools similar to Evernote are all available to install and distribute alongside Nextcloud. And if there’s not an app available, your tech teams can even install their own apps.


The answer lies in taking back control. Control is something public cloud vendors can’t give you. They can give you a polished brand, certifications, and money-back promises, but they can’t guarantee your data will be safe.

Self-hosting remains the most efficient way of staying in control of your business data and keeping your employees and colleagues productive, and your clients happy. Nextcloud gives you what you need to do just that.


Nextcloud private cloud from Asporea

Asporea offers Nextcloud bundled with Asporea Virtual Private Server starting from just USD$10 per month. This will give you a starter package with 25GB of data, fully upgradable at any time.

Speak to our consultants to understand more about how a Nextcloud private cloud on one of our servers could help your business meet their privacy obligations.
