"Care must be used when designing and implementing personal information processing activities."
Non-repudiation validates that personal data is transferred only between authorized senders and receivers. Centralized access controls safeguard user credentials, permissions and personal data.
"Personal data must be secured against internal and external threats, accidental loss, destruction and damage."
Encryption of personal data in transit and at rest. Integration with security infrastructure components such as Data Loss Prevention and Anti-virus solutions.
"Collection and processing should be limited to the personal data needed to achieve the stated purpose."
Comprehensive analytics that provide the required insights into transfer activities to assure ongoing compliance with GDPR’s data protection principles.
"Personal data collected for one purpose should not be used for a new incompatible purpose."
Cryptic scripts should be replaced with a forms-based solution that provides a standardised, secure and documented record of data transfer tasks.
"Compliance with the Data Protection Principles must be documented."
Automated log collection in one centralized location. Audit logs should be tamper-evident in order to be trusted for accuracy.
"All reasonable steps must be taken to ensure that personal data is accurate."
Automatic file integrity checking validates that a file has not been altered.
"Personal data should not be stored longer than necessary for the stated purpose."
The system should provide for pre- and post-transfer tasks including the scheduled deletion of personal data files.