Who do you share data with?
Most organisations share data with external partners or third parties, but do you know who they all are? If personal data is shared, you will need to review how that data is shared and whether the systems used are going to be compliant with the GDPR. Most data is shared via e-mail, but in some cases cloud-based storage or file sharing services might be used.
Different data sharing systems could have been adopted over time as an organisation's needs evolve, but if these systems are not configured or used correctly, or staff use alternative and unauthorised tools, there is a chance that compliance will not be met.
How to ensure that data transfers are compliant
Organisations can ensure that their data transfers are compliant with the GDPR by following five of the data protection principles.
Principle 1 – Fair, Lawful and Transparent. Data processing workflows that include the transfer of personal data should incorporate data security, tracking, control and deletion when required in their design.
Principle 2 – Purpose Limitations. Personal data collected for a specific processing purpose may not be used for another purpose without the subject's consent, and this will likely need to involve significant changes to data processing workflows and procedures. Scheduled deletion of personal data will need to be implemented to aid with compliance management.
Principle 4 – Accuracy. Personal data must be accurate and, where necessary, kept up to date. Rectification processes will need to be built into the data processing workflows, along with the ability to delete data when it is no longer up to date.
Principle 5 – Retention. Personal data should not be retained longer than needed for a stated purpose. In order to meet compliance, the data transfer system should have the ability to schedule the deletion of data soon after transfer.
Principle 6 – Data Security. Personal data must be secured against unauthorised or unlawful processing, accidental loss, destruction or damage. A combination of data encryption and strong access controls, along with the ability to confirm the data was delivered to the intended recipient, will help with meeting compliance.
Traditional methods of data sharing may make it difficult for organisations to comply with the GDPR, as many of the systems used will lack the functionality required to meet the five principles detailed above.
Fortunately, there are secure e-mail and file transfer solutions that do provide the necessary features, and enable the implementation of data sharing policies that will help organisations meet GDPR compliance.
Speak to J2 Technology today about secure data sharing and how it can help with GDPR.