GDPR compliance

GDPR came into effect on 25 May 2018

Data privacy with Zetafax

On 25 May 2018, a new European privacy law took effect. The General Data Protection Regulation (GDPR) establishes strict global privacy requirements governing how personal data is managed and protected whilst respecting individual choice no matter where data is sent, processed, or stored.

GDPR tightens requirements on companies which control or process personal data for individuals. They standardise and extend the data protection legislation which was previously enacted by individual EU member countries.

The regulations include a range of requirements to ensure that companies only store and use personal data for individuals where there is a valid business requirement to do so, and that such data is stored securely.

Provided Zetafax is configured to restrict access to fax data as described below, then it can be used in a manner which is fully compliant with the GDPR regulations. However companies acting as data controllers for personal data should identify the types of data which they store and use, and ensure that their internal controls and processes for handling this data are robust.

Fax transmission

Zetafax uses the international T.30 fax standard for transmitting faxes. The fax call is point-to-point, with a similar level of security to a voice call, and is not encrypted.

Companies transmitting sensitive information should ensure that the fax number for the recipient is correct – eg by using fax numbers stored in a central address list rather than entering these manually when sending, and by confirming receipt of a test fax before using a number for sensitive information.

Fax over IP (FoIP)

Fax over IP is an international standard for transmitting fax data over an IP switched network. The standard allows use over private and public networks, including the public Internet.

The Zetafax FoIP Connector is used for communication between the Zetafax Server and an IP phone system or FoIP gateway unit. It is an alternative to using a dedicated fax board, and is typically used by companies using IP phone systems or running the Zetafax Server on VMware or other virtual server environment.

Fax over IP traffic generated by Zetafax is not encrypted, and should therefore only be used over secure internal networks. Companies who are concerned about using unencrypted network traffic of this type should use a dedicated fax board instead.

Data storage

Zetafax stores faxes as standard TIFF format files. These are store in folders which typically reside on network fileservers.

Zetafax uses network security to protect access to these files. The Enhanced Security feature enables adminstrators to apply network security to these folders simply, so that each user can only see faxes which they have submitted, and are unable to see temporary files created by the server when transmitting a fax.

Zetafax can be configured to store transmitted files in a long term central archive and/or a Sent Items folder for each user. The server can also be configured to delete old data automatically.

We recommend that companies sending sensitive information apply the Enhanced Security settings, ensure that use of network accounts which allow access to the Zetafax data folders are properly controlled, and consider disabling archiving or configuring automatic deletion rules to limit the amount of information which is stored after transmission.

Parallax image for How it works


This page is provided for informational purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to you and your business. We encourage you to work with a legally-qualified professional to discuss GDPR, how it applies specifically to your business, and how best to ensure compliance.

Last updated 25 May 2018.

Equisys Logo, Document Management and Expense Management for Business Central

Replaced by script