

GDPR Compliance: An XMedius Solutions Checklist for Government Offices


Get on board with GDPR strategies before the deadline with XMedius Solutions.

On May 25th 2018, the General Data Protection Regulation–GDPR–comes into effect. In essence, the GDPR requires that all organizations that fall under its purview take every possible measure to ensure that the personal information they collect or process has a legal basis, has the consent of the individual on whom it is collected, and can be accessed, modified or erased at the request of the individual. And while it was developed in the EU, the GDPR’s legal requirements apply to any government agency or office that collects, processes, exchanges or stores personal data on residents of the EU.

The penalties for non-compliance can be very high–organizations can be fined up to €20 million for breaching GDPR. Just as important is the fact that public trust and confidence in your office or agency is on the line.

By some estimates, even at this late date, only about half of all agencies and organizations that fall under the GDPR umbrella are fully prepared.

Last fall, EU compliance expert Denis Virole of Ageris Group in France identified XMedius solutions as a solid addition to any organization’s GDPR compliance strategy. As the deadline approaches, we want to help you fast-track your GDPR compliance.

Compared to other sectors, government offices around the world process a higher-than-average amount of personal data. If you’re considering implementing an FoIP or secure file exchange solution to boost GDPR compliance, we’ve put together some of the regulation’s key requirements, and some essential items you should consider to ensure that your IP solution addresses these requirements.


GDPR Compliance Checklist


Compliance Requirement

You’re obliged to secure the explicit consent of anyone whose personal information you collect, process or store. Processed data can only be used for limited specified purposes.

Solution Requirement

  • Your file exchange solution should have a configuration option that requests participant consent before any personal data is transmitted and that sets parameters for data use.


Compliance Requirement

Individuals are permitted to withdraw their consent, or have their data changed.

Solution Requirement

  • Your file exchange solution must have features that simplify making corrections or deleting an individual’s records.


Compliance Requirement

Individuals have the right to access any personal data that has been processed. Further, an individual can request information on how that personal data is being used, and by whom.

Solution Requirement

  • Your file exchange solution must have the capacity to generate this information upon request


Compliance Requirement

You must be able to rigorously safeguard any personal data you collect, process or store.

Solution Requirement

  • The file exchange systems or processes you use to collect data need to be protected by technologies such as double encryption, two-factor authentication and built-in anti-virus protection
  • You must be able to limit employee access to individual data
  • Must have processes in place to preclude the loss of data
  • Privacy and security features must be built into the systems and procedures you use to collect data


Compliance Requirement

Any organization that processes personal data must track and record how the personal data is processed.

Solution Requirement

  • Must be able to limit access to the personal data you process
  • Must be able to generate and maintain detailed records about how and when data is processed and stored, and ensure that any third-party file exchange or cloud services you use also adhere to GDPR regulations
  • Must be able to create a Data Impact Assessment in case of a data breach or other data degradation
  • Must be able to provide a comprehensive audit trail that details when and how personal data was processed


Compliance Requirement

Any organization that is subjected to a potential data breach must notify the supervisory authorities as well as the individuals who may be affected by the data breach within 72 hours of first having become aware of the breach.

Solution Requirement

  • Your file exchange solution must be able to keep detailed records of all individual file interactions, and have the capability to automatically generate a detailed audit trail as well as a Data Impact Assessment


Compliance Requirement

As a government entity, you’re required to have a Data Protection Officer.

Solution Requirement

  • You will need to seek someone well-versed in cyber security and familiar with state-of-the-art IP solutions, which can be simply and rapidly deployed for secure file exchange


Secure File Exchange Solution Checklist

It’s widely recognized that traditional methods of transmitting sensitive or mission-critical data, such as email, zip files, or FTP servers, are fundamentally insecure. State-of-the-art IP solutions can offer much greater security and a superior user experience.

To help you comply with GDPR, as well as with other compliance regulations such as HIPAA, SOX and FERPA, the solution you choose for secure file exchange should offer the following features:

  • A configuration option that asks for an individual’s explicit consent before any data on that individual is collected
  • Stringent security features such as double encryption, two-factor authentication and built-in antivirus protection
  • The ability to produce a detailed audit trail of all processes to which an individual’s data has been subjected
  • The ability to produce a Data Impact Assessment in case of potential data breach
  • The capacity to exchange large files, including video and audio files
  • Customization features that allow you to limit access to private data, delete private data within a specified time frame, and choose varying levels of security
  • Ease of use from a range of platforms, including smartphones and tablets


For more information on GDPR, see our whitepaper.

To learn more about XMedius Solutions, and how they can take your regulation compliance strategy to the next level, speak with an expert today.


