Nextcloud releases GDPR Compliance kit for on-premises collaboration solution

Originally published at:

Many companies have been working hard to ensure they are GPDR compliant by the end of this week. For many, Nextcloud has been a part of that, simplifying compliance by helping companies keep sensitive data in-house. Today, we release a Nextcloud Compliance Kit to help these organizations comply with the requirements of the GDPR.

GDPR requirements

The GDPR requires businesses and other organizations who handle data from private users to offer clarity about how they use this data as well as a way to access, rectify or delete it. When dealing with a public cloud vendor, data leaves the control sphere of the business and a Data Processing Agreement needs to be signed with the cloud vendor. The business then has to ensure processes are set up to deal with GDPR related requests to be compliant. Keeping data in-house by self hosting negates the need for dealing with one more external party, keeping the whole process in-house and simplifying compliance. [caption id="attachment_4037" align="alignright" width="458"] The Data Request application shows buttons to request an export of personal data from the administrator in the user settings[/caption]

The security requirements demand organizations to take appropriate measures to secure data. A Nextcloud Subscription delivers security patches and consulting based on our expertise and Security Bug Bounty Program, helping Nextcloud customers to make sure that this requirement is met.

Compliance Kit

The kit offers Nextcloud customers tools and documentation to make compliance a checklist-affair. Specific features in two Nextcloud apps and an update, a GDPR compliance steps walk-through and a detailed account of data handling in Nextcloud with instructions on how to extract, modify and delete data as required by law, make up the package.
GDPR compliance is a major concern for many of our customers. Our GDPR Compliance Kit essentially takes these concerns away with regards to the file handling, collaboration and communication capabilities as offered by Nextcloud
-- Andreas Rode, head of sales

Nextcloud now offers organizations who host a Nextcloud server apps that help their GDPR compliance, depending on their specific circumstances:

  • The Imprint update to the theming app enables businesses to show a link to a legal notice or privacy policy on login
  • The Delete Account app enables businesses to offer users an easy way to delete their account as required under the GDPR
  • The Data Request App adds a way for users to request data, changes or account deletion from their user settings.
[caption id="attachment_4039" align="alignright" width="520"] Adding an imprint link to Nextcloud 13[/caption] Moreover, Nextcloud offers customers access to a GPDR Compliance Checklist and a nearly 20 page detailed GPDR Admin Manual indicating where data can be found on a typical Nextcloud server and how to handle requests for extracting, rectifying and deleting data.
The GDPR Compliance Kit dealt with all our concerns. The global nature of the research community with frequent collaboration with European researchers and students requires global compliance awareness and an on-premises solution backed by the expertise of Nextcloud GmbH gives us the assurances we need.
-- Hans Erasmus, Junior Infrastructure Architect at the North-West University in South Africa.

[caption id=“attachment_4040” align=“alignnone” width=“1024”]

The User account deletion app allows users to delete an account without administrator assistance.[/caption]

The apps and GDPR checklist are released to the general public while customers have access to the full compliance kit including GDPR Admin Manual. The apps can be found on the Nextcloud app store while the GDPR checklist can be downloaded from our website. If you have questions about Nextcloud and GDPR compliance, contact us!

Today, Nextcloud also announces a partnership with Red Hat to offer full-stack in-house storage and solutions to help customers with GDPR compliance.


Hi, Click on the email box and reloads

1 Like

Workarround: click captcha, tab through till input field, enter email, click on download.


1 Like

Great new tools. I think the legal notice could be optimized. If you manage a nextcloud for different users, which can share files etc. they should be able to insert their own imprint when they share a public page or even pico cms.

Would you mind, inserting the legal notice per user as setting field?

COuld not find the GDPR Check list mentioned…

1 Like

Just tested Data Request App Does the app only inform sysadmin about a request and not generates data automatically? Is there a workflow that describes how to get such data by admin manually then?

As you may read in the app description: yes.

Not, imho.