DriveHQ GDPR Compliance | DriveHQ GDPR FAQ | Resources for Businesses | DriveHQ Security Documents | DriveHQ DPF Policy

DriveHQ cloud IT service complies with the General Data Protection Regulation (GDPR). By migrating your in-house servers to DriveHQ cloud, not only can it save cost and offer better services, it can also help your organization achieve GDPR compliance.

What should a company do in preparation for the GDPR

If you have already implemented a high bar for compliance, security, and data privacy, then you are probably ready for GDPR. Otherwise, you need to review your security, compliance, and data protection processes to ensure a smooth transition to GDPR. Below are a few key points that you should consider:

Does it apply to you?

The GDPR applies to all organizations that are established in the EU; it may also apply to you if you are established outside the EU, but you store or process EU personal data. Even if it does not apply to you now, you might still want to review it as security and data protection is very important regardless of GDPR.
Data Subject Rights:

The GDPR enhances the rights of data subjects. For example, data subjects have the right to object to the processing of their data and they have the right to data portability. You will need to make sure you can accommodate the rights of data subjects if you are processing their personal data.
Data Breach Notifications:

If you are a data controller, you must report data breaches to the supervisory authority without undue delay, where feasible, not later than 72 hours after having become aware of the breach. DriveHQ cloud IT system gives you control over how you want to process personal data and protect it. It gives you the ability to monitor your own data for privacy breaches. You need to be able to notify regulators and affected individuals as required under the GDPR; DriveHQ will notify you without undue delay if we are aware of a system-wide breach.
Data Protection Officer (DPO):

If you have over 250 employees, you are required to appoint a DPO who will need to manage data security and other issues relating to the processing of personal data.
Data Protection Officer (DPO):

If you have over 250 employees, you are required to appoint a DPO who will need to manage data security and other issues relating to the processing of personal data.
Data Protection Impact Assessment (DPIA):

You may need to conduct, and in some circumstances you may be required to file with the supervisory authority, a DPIA for your processing activities. This will need to identify your data handling procedures and processes, as well as the controls in place to protect personal data.
Data Processing Agreement (DPA):

You may need a DPA that will meet the requirements of the GDPR particularly if personal data is transferred outside the EEA.

DriveHQ tools & features that help customers comply with GDPR

DriveHQ offers a wide range of services and features that help customers to meet requirements of the GDPR, including services for access controls, monitoring, logging and encryption.

Access Control:

By default, users' files are secure and private, unless a user has explicitly shared or published his/her content, or uploaded data into a shared or published folder. A user must log on to access his account. In addition to regular username and password based login credentials, DriveHQ supports:

- Two-Factor-Authentication (2FA)
- Fine granular access control in sharing folders with other users
- Strong password and password change policy
- IP Address and IP Range restrictions
- Accessing files with a temporary session key that is limited to the initial IP address

Event /Audit Log:

DriveHQ supports the event log (audit log) feature. It can help customers monitor account activities and detect unauthorized access or data breach.

Configure logging options
Query events based on a wide range of events and other criteria
Monitor activities;
Monthly event log report and archiving

Data Encryption:

DriveHQ supports data encryption on both transmission and at rest.

Data transmission with SSL/TLS (HTTPS, FTPS, SFTP, SMTP,POP,IMAP over SSL)
Optional client-side encryption with DriveHQ FileManager and DriveHQ Online Backup.