X Cloud, compliant with the strictest privacy laws

For Internxt (Internxt SL — ES B98936354), as a company that strives to protect user privacy, it is a must to comply even with the toughest data protection laws. Europe is now covered by the world’s strongest data protection rules. The mutually agreed General Data Protection Regulation (GDPR) came into force on May 25, 2018, and was designed to modernize laws that protect the personal information of individuals. In the GDPR, personal data is defined as any information related to an identified or identifiable natural person

If your business uses cloud storage services for storing, syncing and sharing work files, you are most likely handling personal data in the cloud. Work documents such as business contracts, employee payrolls, or customer lists all contain personal data that you need to protect to comply with the GDPR. Besides, cloud storage services manage your business information for billing purposes, your team members’ personal data such as name and email address, and many other usage-related metadata such as IP addresses. As a consequence, it is crucial to make sure that the cloud storage service you choose meets the requirements of the GDPR. In case you are audited, you have to prove that you use data processors in line with the GDPR requirements.

Internxt, as a data processor, continuously ensures it complies with each and every privacy regulation it shall comply with, especially those relative to the General Data Protection Regulation. Amongst others, X Cloud features end-to-end encryption, done on the client side, a data processing agreement, ability to easily delete stored files and information, all servers where data is processed in our network are also GDPR compliant. As you might be aware of, X Cloud makes use of a huge network of servers, spread all over the world, where encrypted shards of data are hosted, for increased file security, durability and resilience. While some believe (or would try to have you believe) that EU personal data can’t leave the EU, this is simply not true. The general principle for transfers is outlined in Article 44, which can be summed up as saying, if you transfer EU personal data out of the EU, make sure that this data still enjoys the same level of protection it gets under GDPR. In other words, the entity or company that you pass the data to outside the EU must be under a legally binding obligation to follow GDPR data protection principles or the equivalent. Internxt makes sure all its processes are always GDPR compliant. Additionally, Internxt’s X Cloud can also help your business (as a potential data controller) to more easily comply with GDPR.

The GDPR requires that all organizations design and implement workflows and processes with privacy by design and by default. This means that your business should prioritize data protection from the very beginning of setting up new processes. Data protection should be an essential part of all services and not an extra option you add later.

Features like end-to-end encryption have substantial advantages that help controllers better protect data, making compliance process easier. If a data controller uses an end-to-end encrypted service as the processor, the related personal data ‘stays within their company walls’, in compliance with Article 32 GDPR. Secondly, if a strong encryption mechanism is implemented, the data controller will likely to be exempted from notifying the data breach to the supervisory authority and communicating it to the affected data subjects, pursuant to Articles 33 and 34 GDPR. Moreover, except the duties of assistance to the controller pursuant to Article 28 GDPR, the processor will likely fall out of the audit scope in case the controller is audited, making compliance and audit process simpler for the controller.

“The controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including …. encryption of personal data.” GDPR Article 32. Security of Processing

By preventing these types of data breaches, you can also avoid fines up to €20 million, or 4% of your company’s worldwide annual turnover of the prior fiscal year, whichever is higher.

All legal matters at Internxt are taken care of by reputable law firms Ciriaal180 and Granados Barcelona. For more information, please reach out to us at privacy@internxt.com