GDPR-Compliant File Transfer

Assure fully compliant internal and external transfers of files containing personal data.

Reduce the Risks of External File Transfers

The external transfer of sensitive data is a core operational business process of IT organizations. Data in transit is data at risk of interception, unauthorised access or mishandling.

Secure External Data Transfers with an MFT Solution

A secure and reliable Managed File Transfer (MFT) solution can prove an invaluable investment for an organization that needs to share sensitive information with 3rd parties.

Prove GDPR-Compliance with Tamper-evident Audit Logs

GDPR requires IT and security teams to provide proof of compliance. MOVEit tracks all file transfer activities including authentications and modifications to workflows in a tamper-evident database.

What is GDPR?

The General Data Protection Regulation (GDPR) is designed to replace the set of regulations and the authorities of the protection of people in the 28 EU member states; the GDPR is a homogeneous standard that is applied throughout the EU. This new law became active on May 25, 2018.

Who is it for?

GDPR affects all companies that process the personal data of citizens of the European Union, regardless of where the company is located. If your organization collects or processes the personal data of EU residents, regardless of whether or not you have a physical presence in the EU, you are subject to the GDPR.

The Threat is Real

While no industry that collects and stores personal data is safe, sources such as the Breach Level Index report that 80% of the breaches occur in the technology, retail, financial and healthcare sectors. However, a recent Ipswitch survey of 255 IT professionals showed that only 27% of data breaches are the result of “Malicious Behavior”. A staggering 46% of all data breaches were caused by “Process or Network Failures”. We’ve met the enemy and they are us.

80%

of breaches occur in the technology, retail, financial and healthcare industries

The Seven Principles of GDPR Compliance

Your file transfer systems, which fall under the definition of processing data, must provide the following functionality in order to enable compliance with GDPR.

"Care must be used when designing and implementing personal information processing activities."

Non-repudiation validates that personal data is transferred only between authorized senders and receivers. Centralized access controls safeguard user credentials, permissions and personal data.

"Personal data must be secured against internal and external threats, accidental loss, destruction and damage."

Encryption of personal data in transit and at rest. Integration with security infrastructure components such as Data Loss Prevention and Anti-virus solutions.

"Collection and processing should be limited to the personal data needed to achieve the stated purpose."

Comprehensive analytics that provide the required insights into transfer activities to assure on-going compliance with GDPR’s data protection principles.

"Personal data collected for one purpose should not be used for a new incompatible purpose. "

Cryptic scripts should be replaced with a forms-based solution that provides a standardised, secure and documented record of data transfer tasks.

"Compliance with the Data Protection Principles must be documented."

Automated log collection in one centralized location. Audit logs should be tamper-evident in order to be trusted for accuracy

"All reasonable steps must be taken to ensure that personal data is accurate."

Automatic file integrity checking validates that a file has not been altered.

"Personal data should not be stored longer than necessary for the stated purpose."

The system should provide for pre- and post-transfer tasks including the scheduled deletion of personal data files.

The Cost of Non-Compliance

If you do not meet the requirements of GDPR, the penalties are severe and can affect the operation of your business. Failure to comply with the GDPR can result in penalties of €20 million or 4% of worldwide annual turnover, whichever amount is greater.

Terms to know

GDPR: The General Data Protection Regulation (GDPR) sets a high standard for data protection and applies to any organization that processes, or controls the processing of, the personal data of EU residents.
Personal Data: GDPR defines personal data as “any information relating to an identified or identifiable natural person (‘data subject’).”
Processors: A processor is any organisation that collects, processes, stores or transmits personal data of EU citizens.
Controllers: A controller is an organization that directs the processors activities. This extends the responsibility of the original data collector (the controller in this case) to the actual processing of data by an outsourcer or business partner (the processor).