The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The requirements are tough and the penalties for non-compliance are big.

GDPR 101

Being GDPR compliant is a major plus in marketing terms for your business. It can improve your reputation in the eyes of potential customers, as they will have more trust in your company when it stores their personal data.

Another great benefit of GDPR for your organization is the improved accuracy of data stored in your databases. Customers are allowed not just to access their personal data, but to inspect and validate the stored information.

One of the big drawbacks of GDPR compliance is, of course, the cost of reaching it. Updating your company’s internal policies is not enough to become compliant. You need to make sure that all your products take a privacy-first approach and, depending on the amount of EU citizens’ data that you process, you might have to appoint a Data Protection Officer (DPO). This calls for additional cybersecurity features to be added to the software architecture, meaning more work for developers. Another big concern for companies is the massive fines for non-compliance.

Yes, every organization that processes data of EU citizens must comply with the new regulations, regardless of where it is located.

No. GDPR affects companies in the UK if they have clients in the EU, or store EU citizen data in any form.

The point of GDPR is to ensure fair and proportionate action is taken against those that fail to meet the agreed standards. There are warnings, recommendations and finally fines for the worst-case scenarios. Your business can be fined up to €20 million or 4% of global annual turnover in case of non-compliance.

You need to appoint a DPO if your company:

  • Processes data on a large scale
  • Processes data systematically
  • Processes special categories of data e.g. data on ethnic origins, sex, religion, etc. or criminal data

How can SkyFlok help with GDPR compliance?

SkyFlok is encrypted and designed to help our clients store files privately across the globe. SkyFlok has the unique ability to let customers determine where their data is stored. We help companies become GDPR compliant by giving them the power to choose the Cloud Storage Locations for their data and full control over it.

Edit Client Space

  • Edit your Client Name or their Email address  

  • Select a logo style or customize the appearance of your clients by adding a custom logo.

  • Select Space Managers who can upload files to this particular Client Space. Team Administrators can see and open every Space, but even they cannot upload/download files if they don’t explicitly have access.  

Archive Client Space

When a Space is archived:
  • The Client cannot access it anymore

  • You can open it, but cannot download and upload files or change anything

  • It can be reactivated at any time, but this might take a few minutes

  • Optionally, you can delete the Space and the files in it after a mandatory 30 days

Recycle Bin

  • Deleted files and directories are stored in the Recycle Bin for 30 days.

  • You can recover them during this period; afterwards they are deleted automatically.

Arrived files in a Client Space

  • This is a secure, private shared folder between you and your client.  

  • You can share files with each other, organize them into folders, delete and restore them as you wish.

SkyFlok & GDPR Compliance

It took over 100 hours of work from our team to make SkyFlok GDPR-compliant – that way we can make it easy for you to comply. As a privacy-first solution, we pay special attention to data protection and security. Thus, we welcome GDPR’s focus on privacy and accountability.

At SkyFlok we strictly follow the principles related to processing of personal data:
  • The right to be informed about how your data is being collected and how it is used;

  • The right of access which allows users to be aware of and verify the lawfulness of the processing of their data;

  • The right to rectification – users can rectify their personal data if it is inaccurate or incomplete;

  • The right to erasure – enables users to request the deletion or removal of personal data;

  • The right to restrict processing – the data subject shall have the right to obtain from the controller restriction of processing;

  • The right to data portability – allows users to obtain and reuse their personal data for their own purposes across different services;

  • The right to object – users have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority, direct marketing as well as the right to object to processing for purposes of scientific/historical research and statistics;

  • The right not to be subject to automated decision-making including profiling;