Guidelines for configuring your faxing environment (including your XMediusFAX Cloud service and your own corporate environment) to help achieve compliance with PII regulations such as GDPR.
If your organization is involved in the processing of Personally Identifiable Information (PII), you may need to configure your faxing environment (including your XMediusFAX Cloud account, local clients and other involved communication/infrastructure systems) to comply with PII regulations such as the European Union's General Data Protection Regulation (GDPR).
Identify your PII data
First of all, you should clearly identify the different types of PII data that your organization is processing, the people within your organization who are intended to process this data, and the context in which the PII data is processed.
This analysis should help you make careful decisions and implement the most appropriate corporate rules to meet your PII processing requirements while providing a proper faxing environment to all users of your organization.
Isolate your PII users (if needed)
As XMediusFAX Cloud offers convenient options such as fax forwarding and fax box delegation, you may need to determine which of your fax users may be allowed to share the faxes they are processing with others, and which of them must not be able to share these faxes.
To isolate your PII users, you may need to enforce the same restrictions for all users of your XMedius Cloud account, by disabling (for example, in the most restrictive scenario) the Allow Fax Box Delegation and Allow Fax Forwarding options within the . Alternatively, if your corporate context requires it, you could consider opening multiple XMedius Cloud accounts.
Plan and request the configuration of your fax retention/deletion
At this step, you should review the data retention/deletion rules you may have established to meet your PII processing requirements, so that you can request that the XMedius Cloud team set up the appropriate fax data retention (for more information on the subject, see Fax Retention).
Again, having multiple enterprise accounts for each type of processed PII data may offer you more flexibility, if the retention rules are different for each of the PII data types that your organization may process.
Protect your fax data
For security reasons, according to PII regulations, the fax data that you process should be protected at all times – at rest and in transit.
Protect data in transit
PII fax data should be protected during its transmission within your corporate environment and through the Internet, to and from the XMediusFAX Cloud service.
As such, XMedius ensures that the Web applications used by XMediusFAX Cloud are configured to work over HTTPS, and the XMedius Cloud mail servers are set up to support TLS (if your own mail servers are configured to use it – see below).
Encrypt data at rest
PII fax files should be encrypted on the server where the fax data is stored during the retention period.
As such, XMedius ensures that the file systems hosting your XMediusFAX Cloud data – including backup locations – are set up to use the highest encryption standards.
On your side, be aware that you should additionally encrypt any storage destination – not managed by the XMediusFAX service – that you may have included in your fax processing flow (for example, remote folder destinations or other systems/applications).
Keep your systems up to date
In the context of PII processing, the security of systems is a critical topic to monitor carefully.
As such, XMedius constantly keeps the systems hosting the XMedius Cloud platform and services up to date as per its policies, by always applying the latest security fixes and improvements produced by the software industry and by its own development team.
- By applying OS security updates as soon as they are released.
- By keeping any of your XMediusFAX client software up to date – note that you can subscribe to receive email notifications when XMedius Cloud services and client tools are updated (go to https://support.xmedius.com/hc/en-us/sections/207217288-Change-History and use the Follow option at the top right of the page).