GDPR requires you to protect personal data when sharing documents. But what does that actually look like day-to-day?
No vague principles here. Just the exact steps to share documents more securely.
From choosing what to share through tracking access to deletion. Each step reduces your risk.
This workflow isn't legal advice. But it's what privacy-conscious companies actually do.
Start with secure sharing tools
Email attachments create GDPR headaches. No control. No tracking. No deletion.
Better tools help with several GDPR requirements:
- Access control
- Activity tracking
- Secure transmission
- Easier deletion
Ellty provides these basics to improve your document security.
Step 1: Audit what you're sharing
Before sharing anything, check for personal data:
Obviously personal:
- Names and addresses
- Email addresses
- Phone numbers
- ID numbers
Less obvious but still personal:
- IP addresses
- Device IDs
- Location data
- Behavioral data
Action: Open your document. Ctrl+F for common personal data. Highlight anything questionable.
Step 2: Minimize the data
Found personal data? Ask: does the recipient need all of it?
Example: Sharing sales report with consultant
- Full version: Customer names, emails, purchase history
- Minimized: Customer IDs, purchase categories, totals
Common minimization tactics:
- Replace names with IDs
- Use regions instead of addresses
- Aggregate individual data
- Redact unnecessary columns
Step 3: Choose sharing method
Method A: Email Attachment (Avoid)
- No control after sending
- Lives forever in inboxes
- Can't track forwarding
- Can't delete remotely
Method B: Cloud Storage Link (Better)
- Some access control
- Can revoke access
- Basic tracking
- Still gets downloaded
Method C: Secure Document Platform (Best)
- Full access control
- Detailed tracking
- Download prevention
- Remote deletion
Step 4: Upload to Ellty
Here's the practical process:
- Go to Ellty dashboard
- Click "Upload Document"
- Select your file (PDF, DOCX, PPTX supported)
- Wait for processing (usually 5-10 seconds)
Your document is now on secure servers instead of email attachments.
Step 5: Configure link settings
Ellty's settings that help with GDPR principles:
Access Control
- Require email: Visitors must identify themselves
- Add password: Extra security layer
- Block downloads: Prevent local copies
Time Limits
- Set expiration: Auto-revoke after 30/60/90 days
- Limited views: Restrict to specific number of opens
Tracking
- View notifications: Know when someone accesses
- Page analytics: See what they focus on
- Forward alerts: Know if shared further
Step 6: Create your secure link
- Click "Create Link"
- Choose custom URL (optional):
- Copy the link
This link now represents your document. More control than an attachment.
Step 7: Share
Write your sharing email carefully:
Subject: Q3 Report - Expires Nov 30
Body: "Hi Sarah,
Here's the Q3 report we discussed. Link expires November 30.
[Secure link]
This document contains confidential data. Please don't forward.
Best, John"
Why this works:
- Clear purpose (Q3 report discussion)
- Expectation setting (expires)
- Confidentiality reminder
Step 8: Track
GDPR requires knowing who processes data. Ellty shows:
- Who viewed (if email required)
- When they viewed
- How long they spent
- Which pages they read
- If they tried downloading
Check daily during active sharing periods.
Step 9: Respond to requests
GDPR gives people rights over their data. Common requests:
"What data do you have about me?"
Check your shared documents. Search for their name/email. List what you find.
"Please correct this information"
Update the document. Ellty lets you replace files without changing links.
"Delete my data"
Remove from document or revoke access entirely. Document the deletion.
Step 10: End-of-purpose actions
Project finished? Contract ended? Time to clean up:
- Revoke access - Click "Revoke" in Ellty dashboard
- Document the action - "Revoked access to Q3 report on [date]"
- Notify recipients - "Project complete. Document access removed."
- Delete if required - Some data must be deleted after use
What this workflow achieves
Following these steps helps with several GDPR requirements:
Accountability - You can show what you shared and why
Security - Better than email attachments
Control - Can revoke access when needed
Transparency - Track who sees what
Minimization - Share only what's necessary
Not full compliance, but significant improvement.
Tools make it easier
Manual GDPR compliance is exhausting. Tools like Ellty automate the hard parts:
- Upload once - Not scattered in emails
- Set it and forget it - Expiration handles retention
- Track automatically - No manual logs
- Revoke instantly - One click cleanup
The goal: make secure sharing easier than insecure sharing.
Start improving today
Perfect GDPR compliance is complex. But better document sharing is simple.
Start with one document:
- Upload to Ellty
- Set basic protections
- Share via link
- Track what happens
Each secure share is better than an attachment. Each tracked document improves accountability.
Small steps. Real improvement. That's practical GDPR.
