GDPR

General Information

GDPR compliance is a challenge shared by companies and state-owned organizations alike. Nextcloud offers a number of features to help customers meet the strict requirements.

Some of the features below are available as Apps. If you'd like to use them, please ask your provider whether the App is available for your Nextcloud version. We are happy to help.

In a Nutshell

GDPR requirements

Security and Encryption

The GDPR requires organizations to ensure adequate protection for private data, from encryption to clear and well-implemented security practices.

Availability and access

Private users have a right to demand a full overview of what data is collected, including an export of what an organization has on them.

Transparency and auditability

Upon request, an organization has to be able to show what it does with user data and who has (or had) access to it, and it must be able to modify or delete any data it holds on private individuals.

Official Nextcloud Documentation

To fulfill the above requirements, we recommend the following apps and settings.

Security

Enforce strong password policy

The default settings are the following:

image-1618584880542.png

We recommend setting the policy according to the principles below:

  1. Minimum password length: 8
  2. User password history: 12
  3. Number of days until user password expires: 30
  4. Number of login attempts before the user account is blocked: 10
  5. And enable the following:

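For administrators with command-line access, the numeric values in the list above can be checked against an export of the app's settings. This is an added example, not part of the original guide: it assumes the JSON layout printed by `occ config:list password_policy` and assumes the key names `minLength`, `historySize`, `expiration` and `maximumLoginAttempts`. It treats a stricter value than the recommended one as acceptable.

```python
import json

# Recommended values from the list above. The key names are assumed to be the
# ones the password_policy app stores; check them against your own export.
# "min": the configured value must be at least this number.
# "max": at most this number and non-zero (0 is assumed to mean "switched off").
RECOMMENDED = {
    "minLength": ("min", 8),
    "historySize": ("min", 12),
    "expiration": ("max", 30),
    "maximumLoginAttempts": ("max", 10),
}


def audit_password_policy(config_json: str) -> list[str]:
    """Return one finding per deviating setting; an empty list means no deviation."""
    data = json.loads(config_json)
    settings = data.get("apps", {}).get("password_policy", {})
    findings = []
    for key, (kind, target) in RECOMMENDED.items():
        raw = settings.get(key)
        if raw is None:
            findings.append(f"{key}: not set (app default applies, verify in the UI)")
            continue
        try:
            value = int(raw)
        except (TypeError, ValueError):
            findings.append(f"{key}: non-numeric value {raw!r}")
            continue
        if kind == "min" and value < target:
            findings.append(f"{key}: {value} is below the recommended {target}")
        elif kind == "max" and (value == 0 or value > target):
            findings.append(f"{key}: {value} is weaker than the recommended {target}")
    return findings


# Constructed sample export, not taken from a real server.
SAMPLE = json.dumps({"apps": {"password_policy": {
    "minLength": "10", "historySize": "0",
    "expiration": "90", "maximumLoginAttempts": "abc"}}})

if __name__ == "__main__":
    for line in audit_password_policy(SAMPLE) or ["policy matches the guide"]:
        print(line)
```
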
Dual factor authentication

This feature is not flexible in terms of how many devices can be added as a 2nd factor. Turn it on only after consulting with your administrator.

Encryption

With server-side encryption, a master key is generated on the server and used to encrypt all files uploaded from the moment the service is turned on.

image-1618587152206.png

For more information about server-side encryption, consult the official Nextcloud documentation.

Availability and Access

To review how to meet this requirement, check our Activity log and Data request articles.

Transparency and auditability

To review how to meet this requirement, check our User account deletion and Terms of Service articles.

image-1618588780072.png

This will be visible on the logon screen.

image-1618588956126.png

Please note that this guide is offered "as is". We strongly advise all of our customers to consult a GDPR expert to review their own unique needs! When the requirements are clear, we are happy to help implement them from the technical side.

Request User Data

The GDPR requires that each user be able to access the data stored about them on the provider's servers. We give customers two options to accomplish this.

Download your data from the UI

Log in to Nextcloud

Go to the Files menu

image-1618581174956.png

Highlight all your folders in the root folder, open the Actions menu and click Download

image-1618581251674.png

Your files will be downloaded in a .zip folder:

image-1618581316790.png

Ask for your data from your admin

This feature is available as an App. If you'd like to use it, please ask your provider whether the App is available for your Nextcloud version. We are happy to enable it for you if it's available.

Go to Settings 

image-1618581455275.png

Under Personal info > Account, click on Request data export

image-1618581520706.png

This will send a notification to your administrator that you'd like to have an export of all your data.

User Account Deletion

The GDPR requires that each user be able to delete their account or to have it deleted on request. We give customers two options to accomplish this.

This feature is available as an App. If you'd like to use it, please ask your provider whether the App is available for your Nextcloud version. We are happy to enable it for you if it's available.

Request for an account deletion

Go to Settings 

image-1618581455275.png

Under Personal info > Account, click on Request account deletion.

image-1618581771442.png

This will send a notification to your administrator that you'd like to have your account deleted.

Delete your own account

This option works only if you have a configured email address.

This process is irreversible! Use it at your own risk!

Go to Settings 

image-1618581455275.png

Under Personal info > Account, click on Delete account

image-1618581858736.png

Tick the checkbox to confirm the deletion request and click "Delete my account"

image-1618582458017.png

An email will be sent to you to confirm the deletion

image-1618582521135.png

Check your Inbox and click the button if you are absolutely sure.

This process is irreversible! Use it at your own risk!

image-1618582587381.png

Your account will be deleted and you will be taken to the login screen.

Activity log

To follow the activities connected to your account, you can use the Activity menu.

Activity menu

Log in to Nextcloud > Click on Activity in the top menu

image-1618582825908.png

You will be taken to the activity log. Here you can browse according to event categories or scroll down to see the events timeline.

image-1618582870574.png

Side-bar

You may also check what activities have taken place on a certain file or folder in the side-bar.

Click the "meatball" menu (...) and choose Details > the Side-bar will open where you can view the activities, comments and shares related to that file or folder.

image-1618583991188.png

Notifications

In order to get notified if a certain event type takes place, go to Settings

image-1618582906707.png

Choose Activity from the side menu and tick the checkbox in front of each activity that you'd like to be notified about.

image-1618583030016.png

You may choose the frequency of the notification emails from the drop-down.

You may choose to receive daily activity summaries by checking the box.

image-1618583148519.png

Terms of Service

To meet the GDPR requirement that you are transparent about how you handle data on your website, Nextcloud offers the possibility to set up Terms of Use. We cannot help with writing your rules of the game, but here is how to configure them.

This feature is available as an App. If you'd like to use it, please ask your provider whether the App is available for your Nextcloud version. We are happy to enable it for you if it's available.

Configuration

Go to Settings (Administrator account)

image-1618587859276.png

Choose Terms of Service

Select the region and the language to which the given Terms of Service apply