GDPR-compliant and secure data exchange


How can data, for example payrolls, be exchanged between the client and the payroll service provider in a secure and GDPR-compliant manner? Of course, this should also be done in a practical way and without much effort.

I describe a user-friendly, secure and GDPR-compliant solution, completely without email and password-protected PDFs.

Current state: Data exchange via e-mail

According to the Berlin data protection commissioner, data exchange via e-mail is GDPR-compliant if both sides guarantee SSL encryption.

Often, customers do not even know exactly whether the email server they use performs SSL encryption. Perhaps they have not activated the setting in their email client and therefore do not use SSL encryption.

Experience shows that such data is often sent as a password-protected PDF file. This is a good start, but not practical. The HR manager doesn't want to decrypt all the pay slips with the password every time. What if the password is forgotten after a year? Or what if the pay slips are to be distributed to all employees electronically? Then individual files must be created from the entire PDF.

Our customers from the payroll accounting and tax advisor sectors found this impractical and asked us for a user-friendly solution.

Target: Data exchange via Nextcloud

Just imagine that the payroll service provider opens a bookmark in his computer's browser and lands on his client's Nextcloud. He enters a password and access is granted. Data in the Nextcloud folder can now be exchanged between the client and the contractor.

How does it work?

A mini-computer (the size of a DIN A5 page and around 5 cm high; power-saving and without a fan) with Nextcloud is installed and integrated into the network. Nextcloud is open source software that allows you to operate your own cloud on your own hardware in your own office in a secure and GDPR-compliant manner. This means you are always the master of your data.

If I have such a Nextcloud in my office, I create a new folder for my order processor, share it with her and give it a password. Now I copy the generated link to this folder and share it with my service provider along with the password. This takes less than two minutes. The service provider enters the link in her browser with the password and is immediately in the Nextcloud folder. She can then store all the documents there or take them out and create new folders.
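The same folder share can be created through Nextcloud's OCS Share API instead of the web interface. The following is an added example, not part of the original article: it builds the request for a password-protected public link with a randomly generated password and reads the link from the reply. The host name, user, app password, folder name and sample reply are constructed placeholders, and the expiry date is an optional extra the article does not mention.

```python
import base64
import json
import secrets
import urllib.parse
import urllib.request

SHARE_API = "/ocs/v2.php/apps/files_sharing/api/v1/shares"
PUBLIC_LINK = 3              # OCS shareType for a public link
READ_WRITE = 1 | 2 | 4 | 8   # read, update, create, delete (no re-share)


def build_share_request(base_url, user, app_password, folder, expire_date=None):
    """Return (request, share_password) for a password-protected link share."""
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send credentials over plain HTTP")
    share_password = secrets.token_urlsafe(18)   # 24 random characters per share
    form = {
        "path": folder,
        "shareType": PUBLIC_LINK,
        "permissions": READ_WRITE,
        "password": share_password,
    }
    if expire_date:                              # "YYYY-MM-DD"
        form["expireDate"] = expire_date
    basic = base64.b64encode(f"{user}:{app_password}".encode()).decode()
    req = urllib.request.Request(
        base_url.rstrip("/") + SHARE_API + "?format=json",
        data=urllib.parse.urlencode(form).encode(),
        headers={"OCS-APIRequest": "true", "Authorization": "Basic " + basic},
        method="POST",
    )
    return req, share_password


def parse_share_url(body):
    """Extract the share link from the OCS JSON reply, or raise on failure."""
    ocs = json.loads(body)["ocs"]
    if ocs["meta"]["status"] != "ok":
        raise RuntimeError(f"share not created: {ocs['meta'].get('message')}")
    return ocs["data"]["url"]


if __name__ == "__main__":
    # Constructed placeholders; send with urllib.request.urlopen(req) on a real instance.
    req, pw = build_share_request("https://cloud.example.test", "office",
                                  "app-pw-placeholder", "/Payroll-Exchange", "2030-12-31")
    sample = '{"ocs":{"meta":{"status":"ok"},"data":{"url":"https://cloud.example.test/s/CONSTRUCTED"}}}'
    print(req.get_method(), req.full_url, parse_share_url(sample), "password:", pw)
```

Pass the link and the generated password to the service provider over separate channels, so that one intercepted message does not grant access to the folder.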

Would you like a demonstration/test?

If you want to see for yourself, then contact us. We'll be happy to show you how the more secure GDPR-compliant data exchange works and how it feels. You will be surprised how easy it is.

Conclusion

Our customers find this solution very practical because you can use it via any internet browser on a wide variety of computers and mobile devices. There is no need to send data back and forth by email and encrypt it. Simply push the desired file into Nextcloud and the data exchange is done.

And if that's not enough, you can also share a calendar, an address book and much more in the Nextcloud.


DeepL is a deep learning company that develops AI systems for languages. The company, based in Cologne, Germany, was founded in 2009 as Linguee, and introduced the first internet search engine for translations. Linguee has answered over 10 billion queries from more than 1 billion users.


Manfred Wöller

Manfred Wöller is a TÜV-certified data protection officer who makes data protection requirements technically feasible as part of the team. He is also a passionate vegan cook who takes care of the physical well-being at community events.