We’re sure that the security of users’ personal data is as important to you as it is to us. So read this article to learn how ONLYOFFICE Enterprise Edition can simplify your compliance and help your organization meet GDPR requirements.
According to the new data protection law, ONLYOFFICE acts as both a data controller and a data processor. Read more about it in this blog post.
When you work with your users’ personal data in ONLYOFFICE, you also act as a data controller. That’s why we not only ensure our own compliance but also help you comply with the GDPR.
The GDPR governs personal data rights, including the right to access, update and delete information, the right to withdraw consent to process personal data, the right to lodge a complaint with a supervisory authority, and others.
We’ve already tailored our data security policy to take these rights into consideration. Here is how you can respect them as a portal administrator in ONLYOFFICE Enterprise Edition.
Right to access and update data
As an administrator or portal user, you have access to the following personal data: first and last name, email, date of birth, contact information. You can easily update personal information at any moment on your Profile page. To change passwords and emails, additional steps are required. For security reasons, passwords in ONLYOFFICE aren’t displayed or sent directly to users. Instead, a notification with instructions on how to proceed is sent to the specified email address.
Administrators can also alter this information upon a user’s request.
Right to be forgotten / Right to object
As a portal user leaving the organization, you can permanently delete your profile and all the personal data stored there from the Profile page (instructions on how to do that will be sent via email as well), or contact a portal administrator to do it.
To stop processing personal data, administrators can disable users. In this case, content created by disabled users remains on the portal and can be enabled at any time upon request.
Or delete the personal data permanently removing:
In order not to lose important corporate information, administrators can reassign some types of data to other users.
Right to be notified
If any data loss that compromises personal data occurs, administrators have to notify users within 72 hours via email or chat available in ONLYOFFICE.
On-premise installation and open source code guarantee transparency and reliability. Running ONLYOFFICE Enterprise Edition on your own server and keeping all data in-house, you don’t need to deal with external parties. You can be sure that nobody from the outside gets access to your own and your users’ data stored on the portal.
Besides, ONLYOFFICE Enterprise Edition provides portal administrators with a set of security tools and features.
Protect data from hacking
To encrypt, and therefore secure, portal traffic, enable the HTTPS protocol via the Control Panel interface.
Control access to the portal
Control access to sensitive data and files
To protect specific data from unnecessary attention:
* The traffic on your portal is automatically secured with JWT (JSON Web Token). It protects documents from unauthorized access, so users or guests can perform only certain operations and can’t access more data than they are permitted to.
Monitor potentially fraudulent behaviour
Prevent any data loss
You will find more instructions on how to secure ONLYOFFICE on the security page or in this article.
In case you have any follow-up questions regarding ONLYOFFICE and our GDPR compliance, please contact us at support.onlyoffice.com.