GDPR Compliant File Sharing Solution & Document Storage

What is General Data Protection Regulation (GDPR)?

GDPR, or the General Data Protection Regulation, became effective on May 25, 2018. Simply put, EU citizens now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed of. GDPR clarifies how the EU personal data laws apply even beyond the borders of the EU. For more detailed information, visit the European Commission website.

Who has to comply with GDPR?

Any organization that works with EU citizens’ personal data in any manner (irrespective of location) has obligations to protect the data under GDPR.

What are the benefits of complying with GDPR?

There are many positive business outcomes of compliance with GDPR including efficient data management, streamlined processes, transparency, security, better internal controls, risk reduction, long-term cost reduction, and updated technology.

What if you fail to comply with GDPR?

Penalties for non-compliance can be steep with fines up to 4% of revenue or €20 million, class action lawsuits, disruption to your business, brand damage and more.

How does SmartVault support your GDPR compliance efforts?

Contractual protection for using SmartVault as a Service Provider

Data controllers have a responsibility to ensure that their contracts with suppliers are adequate under the GDPR. The Supplemental Terms for Data Processing for the SmartVault Service, which are incorporated in the SmartVault Terms of Service by reference and by default, help ensure that all of our customers have the required level of contractual protection for their use of the SmartVault service under the GDPR.

Updated privacy policy in support of GDPR compliance

We’ve updated our Privacy Policy which describes in clear, concise language how we collect, use and disclose your personal information, and what rights you have with respect to the use of your information.

How does SmartVault comply with EU data export restrictions?

Like many SaaS providers, we use Amazon Web Services, a top tier third-party data hosting provider with servers located in the U.S. to host the SmartVault service.

Under the GDPR, the personal information of EU residents can only be transferred outside the EU in compliance with the conditions for transfer as set out in Chapter V (Articles 44-50) of the text. As detailed on this page of the European Commission website, the EU-U.S. Privacy Shield Framework has been formally afforded appropriate adequacy for data transfer to the US by the Commission in respect to GDPR.

SmartVault is certified under the EU-U.S. Privacy Shield Framework as detailed in our listing on the Privacy Shield website.

SmartVault Response to the European Court of Justice Ruling on July 16, 2020

The Court of Justice of the European Union (CJEU) on July 16, 2020 handed down its decision in the Schrems II case (Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems.)

SmartVault is evaluating the impact of the judgement from the European Court of Justice in the Schrems II case which involves the examination of data transfers from the EU. The ruling potentially impacts thousands of businesses, particularly cloud services, who operate globally. SmartVault utilizes the protection of both the Standard Contractual Clauses (SCC) and the Privacy Shield for the lawful transfer of personal data where necessary. And although the ruling invalidates the use of Privacy Shield for the transfer of data, the SCC’s remain valid. You can continue using SmartVault with the confidence that your data is in safe hands.

We are maintaining a watching brief for any new and improved mechanisms that become available to manage compliance with Chapter 5 of the GDPR for International Data Transfers, and are poised to use any improved mechanisms when they become available. Customers of SmartVault can be reassured that we take compliance with all data protection regulation very seriously and will remain fully compliant with the GDPR.

Questions can be sent directly to our Security and Compliance Officer at

What features within the SmartVault services support compliance with GDPR requirements?

SmartVault provides industry standard security measures such as encryption, multi-factor authentication, access controls, and auditing to support compliance with GDPR rules.

Where GDPR requires: SmartVault offers solutions:

Right to be Forgotten

Enables an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

Your files stored in SmartVault are easily searchable, and based on the user’s permission level in SmartVault, can be deleted.

Right of Access

Individuals will have the right to obtain access to their personal data, so that they are aware of and can verify the lawfulness of the processing. Information must be provided within 30 days of request, free of charge.

When you use SmartVault as your single repository for all documents in your business, you can quickly respond to requests for data access. Instead of combing through network drives, memory sticks, local PCs, emails, paper files, etc., easily and quickly provide access to secure vaults that contain client information upon request.

Right to Data Portability

Individuals can move, copy or transfer personal data easily and securely from one IT environment to another.

SmartVault does not bear ownership of our customers’ documents. Based on user permissions, entire folders as well as individual documents can be removed from the SmartVault platform.

Data Integrity & Secure Transmission of Data

Data must be confidentially and securely processed by your data system. Only authorized individuals should have access to the data consented to.

All interactions with SmartVault occur over an encrypted channel. We employ SSL to protect your documents, passwords, and interactions with SmartVault from eavesdropping. SmartVault encrypts your documents and all information stored in our databases at rest. The data is encrypted using AES-256. More details can be found in our Security Overview.

Use the principle of least privilege when setting up users in your SmartVault account. User permissions allow you to select which vaults and folders each employee and client has access to.

Full Document & Workflow Audit

Fully document how data is processed and transferred and for what reasons you have to do so. Document who has access to the data at each stage of processing and transfer.

SmartVault is designed to allow access to documents via authenticated logins. In other words, documents stored in SmartVault are only accessible if you log into the service or share the documents with another individual that must log into the service.

SmartVault employs an Activity Log that you can use to review:

  • Who has been granted permissions to access documents
  • Who has actually accessed documents and what action was performed (upload, download, deleted or changed the properties of any document)

SmartVault Supports Your Compliance Efforts

GDPR wants you to think about privacy and data protection from the beginning, not as a bolted-on after-thought. Documenting your workflows is the first step to build privacy into your everyday business operations. Choose technology that supports streamlined, secure workflows for your business and create internal controls and processes to maintain the utmost security posture. This is commonly known as Privacy by Design, and includes:

  • Limit Data: Only collect what is necessary.
  • Limit Processing: Only process data for the purpose that it was collected for.
  • Limit Access: Only authorized individuals should be able to access data.
  • Impact Assessment: Conduct assessments for personal data that is high risk to individuals.
  • Keep Reviewing: Keep checking the confidentiality, availability & resilience of your systems.
  • Record Keeping: Note processing, data categories, erasure time, and storage locations.

Get Started Now

Open a free trial account to get started now.

Start Free Trial
See SmartVault in Action

Book a 15-minute demo to see exactly how SmartVault can work for your business.

See A Demo