How NirvaShare Aligns with GDPR

1. Data Protection by Design and Default

To provide data security and protection, NirvaShare gives utmost importance to security measures and features. To ensure compliance with article 25 of GDPR, NirvaShare collects only minimal data such as username, password, and an optional email address so that only essential information gets stored.

2: Secure Access Control

NirvaShare enables organizations to provide file access with granular access controls based on user access and permissions. Features like  Multi-factor authentication and external Identity Provider (IdP) integration ensure  that data only gets accessed by authorized users.

3: Data Encryption and Security

To protect data and for security, NirvaShare implements:

• End-to-end encryption for file sharing.
• Secure transfer protocols ( FTPS, HTTPS).
• AES-256 encryption for storing sensitive data – These measures align with GDPR requirements towards securing personal data against unauthorized access or breaches.

4: Audit Logs and Monitoring

GDPR mandates organizations to be accountable, hence there exists a need to track data access and processing activities. NirvaShare provides detailed audit logs that can be used by administrators to monitor the activities of file sharing, access events, and user actions in accordance with Article 30 (Records of Processing Activities). By making use of the Notifications feature, organizations can get instant email notifications for all the audit events for better monitoring.

5: Data Subject Rights Management

NirvaShare offers compliance in accordance with GDPR’s data subject rights, including:

• Right to Access & Portability: Users can access shared data securely.
• Right to Erasure (Right to Be Forgotten): Organizations can remove shared content if requested by users. Also, organizations can search, update or delete user related data.
• Right to Restriction & Rectification: Granular access controls permit modifications to shared files whenever necessary. 

6: Data Retention and Expiry Policies

To prevent unnecessary data leaks, NirvaShare allows administrators to set file-sharing expiration policies. This ensures compliance with GDPR’s principle of storage limitation, eliminating the risk of unauthorized data exposure.

7: Compliance with Third-Party Integrations

Organizations usually integrate NirvaShare with Cloud storage providers like AWS S3, Azure Blob, or on-premise solutions. Along with this, organizations can also use NirvaShare to integrate with third party Identity Providers like Microsoft EntraID, Okta, Google Workspace etc.  NirvaShare ensures compliance by offering secure authentication mechanisms like SSO and Multi Factor Authentication, encryption, and adherence to GDPR-compliant data handling practices. User data is shared only with service providers and partners who have adequate data protection measures in place.

8: Data Breach Notification Readiness

Organizations must inform the authorities in the event of a data breach within 72 hours of the time the incident occurred, as specified by the GDPR. NirvaShare’s monitoring and logging functionalities provide an opportunity for organizations to recognize unauthorized access which further makes it possible to act quickly in compliance with Article 33 of the Data Breach Notification.