WorkDrive's commitment to compliance

Keeping data confidential and in compliance with relevant laws and standards is a key part of digital security, which is why we at WorkDrive put so much value on it. Not only do we want to ensure that your data is safe with us, but we also wish to establish the highest level of trust with our customers. This is essentially how Zoho has been approaching security and compliance issues since the very beginning.

So what are the elements involved in our app that entail our compliance measures?

Getting GDPR right  

The EU's General Data Protection Regulation is a cornerstone of global data security and privacy standards. GDPR compliance is essential to ensure individuals' data is being used ethically and you have access to it whenever possible. This is just the simple gist of it. There are a few articles that we’ll explain here.

Article 7: Consent

The foremost step to a GDPR-compliant environment is to ensure that a user knows what data is being collected from them and they provide their consent for it.

WorkDrive provides a secure content collaboration platform with granular access controls for every file and folder.  With subfolder-level sharing, you can also give team members higher access permissions to specific files or folders within a Team Folder they're part of. For instance, if you need a team member to contribute to only one file within a Team Folder, you can add them to the Team Folder as a viewer and give editor permission only for the file you want them to edit.

Articles 17 and 32: Right to erasure and security of processing

Another key part of GDPR is the ability for data subjects to ask for their data to be removed at any given time. This feature is also helpful when it comes to the correction of data or further processing of it.

Once you've audited the data you're holding, the next step is to assess its possible exposure to security breaches. Ensure that appropriate technical measures are taken to protect any personal data you hold from breaches. All files stored in Zoho WorkDrive are encrypted with 256-bit Advanced Encryption Standard (AES) at rest, and Secure Socket Layer (SSL) and Transport Layer Security (TLS) during transit.

Our advanced external sharing features facilitate this by letting you create different external sharing links to files and folders, apply link properties like passwords and expiration dates, and make the name and email fields mandatory. You can label them for easy reference and track these links separately. You can also disable external sharing for particular Team Folders or even your entire team.

Article 4(5): Anonymization

The GDPR rules highly recommend that data controllers anonymize or pseudonymize your data to avoid any security breaches.

If you want to manually anonymize or pseudonymize data stored in Zoho WorkDrive, use our built-in Office Suite.

Article 20: Right to data portability

A data subject has the right to ask to receive their personal data in a structured and machine-readable format. They can also have their data transferred from one controller to another, for example, in the case of an employee changing roles or leaving an organization.

With Zoho WorkDrive, you can easily locate these files and receive them in a downloadable format.

The HIPAA compliance  

The Health Insurance Portability and Accountability Act requires covered business entities to safeguard individuals' medical records and other identifying data. For HIPAA purposes, Zoho generally doesn’t collect, use, store, or maintain health information protected by HIPAA for its own purposes.

WorkDrive helps maintain HIPAA compliance with its many features such as:

• Clear roles and permissions at the team level: You can easily assign roles to users. Admins will then be able to add or remove users and manage all team level settings from the Admin Console. Similarly, in a private Team Folder, only the members who have been added to it can view and access files. However, in a public Team Folder, any team member will be able to view and access files by default.

• Specialized access to subfolders and files: Instead of giving all your users higher access to all files in a Team Folder, you can just assign them edit access to a particular file or subfolder when required.

• Streamlined data retention policy: WorkDrive’s data retention policy allows you to retain files and folders for up to a certain period (such as 30 days), then automatically delete them afterwards. Team Admins can also choose to delete files and folders manually and permanently in the Admin Console.

• Device management: Team Admins on WorkDrive can view details of all connected devices of a user. For certain users, they can set permissions for desktop and mobile apps and disconnect or wipe and disconnect devices remotely.

• Data encryption: WorkDrive encrypts your data at both rest and in transit so you can rest assured that your data is secure wherever you are.

Confidentiality doesn’t stop there 

Our strict approach towards data confidentiality doesn’t stop at GDPR and HIPAA.  We have established certifications with other major standard providers as well.  These include:

• IS 642819 (ISO/IEC 27001)

• PM 732705 (ISO/IEC 27701)

• CLOUD 714132 (ISO/IEC 27017)

• And many more; you can check them here!

Zoho WorkDrive always has an edge when it comes to creating the most secure work environment. With a strong standard for compliance, we will continue to deliver more secure and streamlined solutions for digital storage and collaboration.