Back to blog
How To Share Documents Online: Considerations & GDPR Tipson 6 April 2020Posted by Kevin Senior
Sharing files online with clients and other team members can often be a challenge. File-sharing solutions cater to different needs, and you may not be sure what approach you should take. Not to mention concerns about governmental regulations like General Data Protection Rules (GDPR).
If you’re just starting to investigate how to share documents online, check out the below. We’ve included a variety of aspects to consider in a file-sharing solution depending on your use case, as well as several tips for GDPR-compliant file sharing.
Wondering how to share documents online? Start by considering your needs.
1. Are you sharing files with clients?
When sharing files with clients, you need to consider:
- Whether the files are sensitive or confidential. You may need a more secure means of sharing files in some cases.
- How frequently you need to share files. Ongoing, frequent sharing will require specialized solutions, whereas one-off sharing can typically be handled with something simpler.
- Whether you need evidence of client receipt. This may be related to legal requirements or simply peace of mind for your team.
There are several approaches you can take here. In some cases, physical mail is still viable. This may be necessary for legal reasons. For example, a highly regulated project for the government may require that all files be delivered on a CD or flash drive and be provided in paper form as well.
In most cases though, everyday email suffices for one-off document sharing. File-sharing services like Dropbox also provide an alternative solution.
The best way to share files online with clients on an ongoing basis is through a client portal. This enables them to access files on demand and provides you with an audit trail of what files they access and when.
Want to go beyond simply sharing files with clients? Start your free trial of Glasscubes and give your clients a sharing experience through a branded client portal.
2. Are you sharing large files?
When considering how to share large files, think about:
- The size limitations of email. While acceptable for sending a small document quickly, email isn’t suited for large files. Most email services have a max size of 25 MB for a single email.
- Ease of use. The less friction in sharing files, the better for you and the recipient.
- Accessibility. Internet access, connection speed, and other things could stand in the way of accessing the shared file.
The best way to share large files is through cloud services. Instead of sending a file directly, you upload it through the service and provide the recipient with a link for them to download it. (Tweet this!)
File-sharing services like WeTransfer and Dropbox follow this basic premise, providing an easy way to share your documents with anyone around the world.
In rare cases where the recipient may have limited or no internet access, you may need to seek an alternative solution. For example, if the recipient is out on an oil rig with a slow connection, you may need to arrange a physical delivery of a CD or flash drive.
3. Do you have a need for versioning and document control?
When you’re looking for document control with your file sharing, you need to consider:
- Document control vs. version control. See below how the difference between them will impact your solution.
- Accessibility. You need a way to manage situations where two or more people will access and make changes to the same document.
- The control limitations of email. Once it’s sent, that’s it. You no longer control the document or its current version.
There’s a distinct difference between “document control” and “version control” that could affect your decision.
Document control entails literally controlling documents—parties who have access, who has the document currently, locking documents, etc. This means seeking a solution that has a check-in/check-out capability, enabling documents to be locked against further changes while someone has it checked out. This type of feature is good for when approvals are needed. Glasscubes is a useful solution for this need.
Version control—being able to identify the current version of a document—is similar but can be satisfied by having a living document where changes are made in real time. Google Drive is a popular solution that uses version control but does not necessarily “protect” or lock any one version.
4. Do you need to share and collaborate?
When you’re looking to collaborate on shared files, you need to consider:
- The need to communicate around content. Oftentimes, sharing a file isn’t enough. Your team needs to discuss and reference a document in context, continuously.
- The limitations of email. While great for a memo or update, email quickly becomes cumbersome for ongoing discussion, especially regarding a document. Plus, people often bring up unrelated topics on email chains or forget to reply all, derailing the continuity of the discussion.
- The limitations of Dropbox. It enables you to store and share, but collaboration is limited to basic commenting.
To collaborate with shared files, you need a solution that includes more features than simple file sharing. Your team must be able to not only discuss a document but be notified of discussion so they don’t miss out. Members should be able to add commentary directly to the file, so that other team members can easily see what’s being referenced.
There also needs to be transparency and auditability in who has accessed the document and when, in addition to the ability to approve file versions. Glasscubes covers all these areas. (For example, see the screenshot below of its file-locking feature.)
Regardless of why you need to share files online, if you’re in the EU, you’ll also have to consider GDPR. In the next section, we walk through a few GDPR considerations and tips to ensure your file-sharing experience is up to par.
Your Filing System & GDPR
Implemented in 2018, GDPR builds on the protection given by the Data Protection Act (DPA)—a 1998 Act of Parliament designed to safeguard personal data—but focuses more on accountability and governance. These aspects were implied under the current rules, but they are explicitly called out under GDPR. The intention is to increase the protection of an individual’s personal data and to minimize the impact of data breaches.
GDPR applies to all personal data about EU citizens—wherever that data is held and wherever the organisation holding it resides. For more details, you can check out our previous post about GDPR.
Essentially, you now need to have relevant and explicit governance in place. If you already follow good privacy practices, then you probably already largely comply with the new regulations, but you should still verify. Here are some GDPR-compliant file-sharing tips to get you started.
6 Tips For GDPR-Compliant File Sharing
1. Manage your files in a compliant manner.
Most organizations have inconsistencies with the way folders are named and structured. Folders are mislabeled and forgotten when creating new hierarchical structures. With GDPR, it’s essential that any files containing personal data are managed in a compliant manner:
- Know exactly how much personal data your organisation maintains about individuals, where it is and whether it is sensitive as defined under GDPR.
- Keep files with common compliance or retention rules together—they are easier to archive or delete as a group this way.
- Update (or put in place) GDPR-compliant procedures for managing consent, storage, and data breaches.
- Assign your data processors and data controllers, and ensure they understand the new rules.
- Define clear responsibilities and accountabilities for processing and controlling data, especially where there is a response deadline.
- Keep file management simple—people will remember it easier.
- Maintain a plan that everyone can refer back to.
- Be consistent, and don’t allow exceptions.
2. Grant access intelligently.
Not everyone will need the same access to all documents at all times. Think about what you need to share, and who needs to have access to your documents. Permission levels come in handy—beyond file access, consider whether approved users need viewing or editing privileges, and whether they need offline access.
Under GDPR, people have a right to a free electronic copy of their personal data, and the right to be forgotten if the personal data is no longer relevant to the original purpose of collection—barring certain exceptions. In practical terms, this means you need your access processes to be flexible enough to abide by these requirements in a timely manner.
3. Secure your documents.
Your documents contain valuable intellectual property and customer information. Under GDPR, you’ll need to be certain exactly what personal information is contained within them. (This was also true under DPA, but the definition of personal data is now wider.) Storing and sharing files online helps you retain control over document security.
Here are a few steps you can take to be more secure in your file-sharing practices:
- Choose a file-sharing solution that stores data in the EU and encrypts your data securely.
- Don’t store local copies of documents—it’s too easy to lose track of them and fall out of compliance.
- Put in place the means to detect and deter data breaches.
4. Encrypt your data.
GDPR requires that you implement measures to ensure the appropriate security and confidentiality of personal data you maintain. Public sector agencies and similar large organisations should look for the best level of data encryption available, depending on how sensitive their data is under the new GDPR definitions.
As a certified G Cloud Framework provider, for example, Glasscubes stores your data in an ISO27001 certified data centre, based in the heart of London’s financial district. With over 20 data centres across Europe, the London facility is the data centre of choice for trading exchanges and financial platforms, having the highest power uptime reputation in London. All of your data is backed up instantly, and access to our service uses a 2048-bit encryption to ensure the transfer of data is secure between you and our servers, and while at rest.
5. Establish clear audit trails.
A good audit trail is important for both internal management confidence in your quality system and to comply with GDPR. You need to know who accessed what documents, and when; otherwise, tracking down people who touched a document will be challenging. A solid online file-sharing solution should automatically create an audit trail for you.
6. Practice consistent document retention habits.
Keeping documents longer than needed is a common issue with simple file management. This is mostly due to one of two reasons: it’s an annoying process to purge the documents (paper or electronic), or people don’t know how long they’re required to keep certain documents. Under GDPR, it’s important to know what’s in your archive, and to only keep documents that are necessary. Consider also:
- Systems should be designed so that only essential and necessary data is held and accessible.
- If at all possible, don’t allow offline copies of documents—all official documents should be in controlled, online folders.
- Delete documents not needed day to day, or at least move them to an encrypted and managed archive.
- Your industry may have additional rules and regulations on how long your organisation must maintain a copy of your documents.
Don’t just share files. Share everything—with Glasscubes.
Glasscubes is your go-to collaboration hub that combines communication, task management, and file sharing together to help your team reach optimal productivity levels. You can share files with key stakeholders—from teammates to clients to vendors—while complying with GDPR. Take advantage of automatic version control and the ability to set up document approval workflows.
Pair these robust file-sharing capabilities with clearly assigned and trackable tasks. Plus, enjoy a secure collaboration environment, complete with multi-location data distribution across the UK, data backup and archiving, and encryption of data in transit and at rest.
Ensure you’re practicing GDPR-compliant file sharing, and satisfy all your collaboration needs with one solution. Start your free trial of Glasscubes today.
Subscribe via RSS
Browse by Date
Explore other topicsclient portals for accountants