GDPR-Compliant File Transfer
Ensure fully compliant internal and external transfers of files containing personal data
Your Challenge
You Simply Cannot Bypass GDPR
GDPR affects all companies that process the personal data of citizens of the European Union, regardless of where the company is located. Compliance with the GDPR requires security features that range well beyond the encryption provided by SFTP servers. GDPR requires IT and security teams to provide proof of compliance. If you do not meet the requirements of GDPR, the penalties are severe and can affect the operation of your business.
Vulnerabilities of Exposed Personal Data
The external transfer of sensitive data is a core operational business process of IT organizations. Data in transit is data at risk of interception, unauthorized access or mishandling.
Securing External Data Transfers Under GDPR
A secure and reliable Managed File Transfer (MFT) solution can prove an invaluable investment for an organization that needs to share sensitive information with third parties
Our Solution
Comply with Data Protection Regulations
Progress MOVEit is the leading managed file transfer application that helps meet the relevant articles introduced by GDPR with its ability to encrypt personal data both in transfer and at rest. MOVEit offers non-repudiation to ensure that data is only transferred between senders and receivers, DLP and Anti-Virus integration, perimeter security and centralized access control.
Reduce the Risks of External File Transfers with End-to-End Encryption
Centralized management and multi-level protection safeguard sensitive data from unauthorized access and mishandling by third parties.
Prove GDPR Compliance with Tamper-Evident Audit Logs
MOVEit tracks all file transfer activities including authentications and modifications to workflows in a tamper-evident database.
Avoid the Cost of Non-Compliance
Effortlessly meet GDPR requirements and prevent your business from being hit with a €20 million penalty or greater.
Your Challenges
The Seven Principles of GDPR Compliance
Your file transfer systems, which fall under the definition of processing data, must provide the following functionality in order to enable compliance with GDPR.
Care must be used when designing and implementing personal information processing activities.
Non-repudiation validates that personal data is transferred only between authorized senders and receivers. Centralized access controls safeguard user credentials, permissions and personal data.
Personal data must be secured against internal and external threats, accidental loss, destruction and damage.
Encryption of personal data in transit and at rest. Integration with security infrastructure components such as Data Loss Prevention and Anti-virus solutions.
Collection and processing should be limited to the personal data needed to achieve the stated purpose.
Comprehensive analytics that provide the required insights into transfer activities to assure on-going compliance with GDPR’s data protection principles.
Personal data collected for one purpose should not be used for a new incompatible purpose.
Cryptic scripts should be replaced with a forms-based solution that provides a standardised, secure and documented record of data transfer tasks.
Compliance with the Data Protection Principles must be documented.
Automated log collection in one centralized location. Audit logs should be tamper-evident in order to be trusted for accuracy.
All reasonable steps must be taken to ensure that personal data is accurate.
Automatic file integrity checking validates that a file has not been altered.
Personal data should not be stored longer than necessary for the stated purpose.
The system should provide for pre- and post-transfer tasks including the scheduled deletion of personal data files.
