Nextcloud releases GDPR Compliance kit for on-premises collaboration solution

Many companies have been working hard to ensure they are GPDR compliant by the end of this week. For many, Nextcloud has been a part of that, simplifying compliance by helping companies keep sensitive data in-house. Today, we release a Nextcloud Compliance Kit to help these organizations comply with the requirements of the GDPR.

GDPR requirements

The GDPR requires businesses and other organizations who handle data from private users to offer clarity about how they use this data as well as a way to access, rectify or delete it. When dealing with a public cloud vendor, data leaves the control sphere of the business and a Data Processing Agreement needs to be signed with the cloud vendor. The business then has to ensure processes are set up to deal with GDPR related requests to be compliant. Keeping data in-house by self hosting negates the need for dealing with one more external party, keeping the whole process in-house and simplifying compliance.

The Data Request application shows buttons to request an export of personal data from the administrator in the user settings

The security requirements demand organizations to take appropriate measures to secure data. A Nextcloud Subscription delivers security patches and consulting based on our expertise and Security Bug Bounty Program, helping Nextcloud customers to make sure that this requirement is met.

Compliance Kit

The kit offers Nextcloud customers tools and documentation to make compliance a checklist-affair. Specific features in two Nextcloud apps and an update, a GDPR compliance steps walk-through and a detailed account of data handling in Nextcloud with instructions on how to extract, modify and delete data as required by law, make up the package.

GDPR compliance is a major concern for many of our customers. Our GDPR Compliance Kit essentially takes these concerns away with regards to the file handling, collaboration and communication capabilities as offered by Nextcloud

— Andreas Rode, head of sales

Nextcloud now offers organizations who host a Nextcloud server apps that help their GDPR compliance, depending on their specific circumstances:

  • The Imprint update to the theming app enables businesses to show a link to a legal notice or privacy policy on login
  • The Delete Account app enables businesses to offer users an easy way to delete their account as required under the GDPR
  • The Data Request App adds a way for users to request data, changes or account deletion from their user settings.
Adding an imprint link to Nextcloud 13

Moreover, Nextcloud offers customers access to a GPDR Compliance Checklist and a nearly 20 page detailed GPDR Admin Manual indicating where data can be found on a typical Nextcloud server and how to handle requests for extracting, rectifying and deleting data.

The GDPR Compliance Kit dealt with all our concerns. The global nature of the research community with frequent collaboration with European researchers and students requires global compliance awareness and an on-premises solution backed by the expertise of Nextcloud GmbH gives us the assurances we need.

— Hans Erasmus, Junior Infrastructure Architect at the North-West University in South Africa.

The User account deletion app allows users to delete an account without administrator assistance.

The apps and GDPR checklist are released to the general public while customers have access to the full compliance kit including GDPR Admin Manual. The apps can be found on the Nextcloud app store while the GDPR checklist can be downloaded from our website. If you have questions about Nextcloud and GDPR compliance, contact us!

Today, Nextcloud also announces a partnership with Red Hat to offer full-stack in-house storage and solutions to help customers with GDPR compliance.