Assure fully compliant internal and external transfers of files containing personal data.
The external transfer of sensitive data is a core operational business process for IT organizations. Data in transit is data at risk: of interception, of unauthorised access, and of mishandling by the people and scripts that move it.
A secure and reliable Managed File Transfer (MFT) solution can prove an invaluable investment for an organization that needs to share sensitive information with third parties.
GDPR requires IT and security teams to provide proof of compliance. MOVEit tracks all file transfer activities including authentications and modifications to workflows in a tamper-evident database.
The General Data Protection Regulation (GDPR) replaces the 1995 Data Protection Directive and the patchwork of national laws and authorities that implemented it in the 28 EU member states; as a regulation rather than a directive, the GDPR is a single standard that applies directly throughout the EU. It became enforceable on May 25, 2018.
GDPR affects all companies that process the personal data of individuals in the European Union, regardless of where the company is located. If your organization collects or processes the personal data of people in the EU, whether or not you have a physical presence there, you are subject to the GDPR.
While no industry that collects and stores personal data is safe, sources such as the Breach Level Index report that 80% of breaches occur in the technology, retail, financial and healthcare sectors. However, a recent Ipswitch survey of 255 IT professionals showed that only 27% of data breaches were the result of "Malicious Behavior", while a staggering 46% were caused by "Process or Network Failures". We have met the enemy and they are us.
Your file transfer systems, which fall under GDPR's definition of processing personal data, must provide the following capabilities in order to support compliance. Each GDPR data protection principle below is paired with the file transfer capability that supports it.

Principle (data protection by design and by default, Article 25): Care must be used when designing and implementing personal data processing activities.
Capability: Non-repudiation provides proof of which authenticated party sent and which received each file, so that transfers can be shown to have taken place only between authorized senders and receivers. Centralized access controls safeguard user credentials, permissions and personal data.

Principle (integrity and confidentiality, Article 5(1)(f)): Personal data must be secured against internal and external threats, accidental loss, destruction and damage.
Capability: Encryption of personal data in transit and at rest, plus integration with security infrastructure components such as Data Loss Prevention and anti-virus solutions.

Principle (data minimisation, Article 5(1)(c)): Collection and processing should be limited to the personal data needed to achieve the stated purpose.
Capability: Comprehensive analytics that provide the insights into transfer activities needed to assure on-going compliance with GDPR's data protection principles.

Principle (purpose limitation, Article 5(1)(b)): Personal data collected for one purpose should not be used for a new, incompatible purpose.
Capability: Ad hoc, undocumented scripts should be replaced with a forms-based solution that provides a standardised, secure and documented record of every data transfer task.

Principle (accountability, Article 5(2)): Compliance with the data protection principles must be documented.
Capability: Automated log collection in one centralized location. Audit logs should be tamper-evident in order to be trusted for accuracy.

Principle (accuracy, Article 5(1)(d)): All reasonable steps must be taken to ensure that personal data is accurate.
Capability: Automatic file integrity checking, for example comparing a cryptographic hash of the delivered file against the hash recorded at the sender, validates that a file has not been altered in transit.

Principle (storage limitation, Article 5(1)(e)): Personal data should not be stored longer than necessary for the stated purpose.
Capability: The system should provide for pre- and post-transfer tasks, including the scheduled deletion of personal data files.
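Two of the capabilities above, tamper-evident audit logging and post-transfer file integrity checking, are concrete enough to show in working code. The following is an added example written for this page; it is not MOVEit's or Ipswitch's code and makes no claim about how MOVEit implements either feature. It keeps a hash-chained transfer log in which every entry commits to the previous entry's hash, so that editing or deleting an earlier record breaks the chain, and it verifies a delivered file against the SHA-256 digest recorded by the sender. All events, file contents and user names are constructed sample data.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Hash of "nothing": the previous-hash value for the first entry in the chain.
GENESIS = "0" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_file_integrity(received: bytes, expected_sha256: str) -> bool:
    """Post-transfer integrity check: recompute the digest of the bytes that
    arrived and compare it (in constant time) with the digest the sender
    recorded before the transfer."""
    return hmac.compare_digest(sha256_hex(received), expected_sha256)


def canonical(event: dict) -> str:
    # Deterministic serialisation: key order and whitespace must not vary,
    # or the same event would hash differently on re-verification.
    return json.dumps(event, sort_keys=True, separators=(",", ":"))


@dataclass
class AuditLog:
    """Append-only log where entry_hash = SHA-256(prev_hash || canonical(event)).
    Every entry therefore commits to the entire history before it."""
    entries: list = field(default_factory=list)

    def append(self, event: dict) -> str:
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry_hash = sha256_hex((prev + canonical(event)).encode())
        self.entries.append({"event": event, "prev_hash": prev, "entry_hash": entry_hash})
        return entry_hash

    def head(self) -> str:
        """Current chain head; anchor this outside the log writer's control."""
        return self.entries[-1]["entry_hash"] if self.entries else GENESIS

    def verify(self) -> int:
        """Walk the chain from the genesis value. Return -1 if every entry is
        consistent, otherwise the index of the first entry that fails (either
        its event was modified or a predecessor was removed or altered)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            expected = sha256_hex((prev + canonical(e["event"])).encode())
            if e["prev_hash"] != prev or e["entry_hash"] != expected:
                return i
            prev = e["entry_hash"]
        return -1


# Constructed sample transfer: the sender records the file's digest, the
# receiver recomputes it after delivery.
SAMPLE_FILE = b"customer_id,email\n1001,alice@example.test\n1002,bob@example.test\n"
SAMPLE_DIGEST = sha256_hex(SAMPLE_FILE)


def build_sample_log() -> AuditLog:
    """Constructed sequence of events one transfer would produce."""
    log = AuditLog()
    log.append({"type": "auth", "user": "alice", "result": "success"})
    log.append({"type": "upload", "user": "alice", "file": "customers.csv",
                "sha256": SAMPLE_DIGEST})
    log.append({"type": "download", "user": "partner-sftp", "file": "customers.csv",
                "integrity_ok": check_file_integrity(SAMPLE_FILE, SAMPLE_DIGEST)})
    log.append({"type": "retention_delete", "file": "customers.csv"})
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("chain intact:", log.verify() == -1, "head:", log.head())
    # Tamper with the upload record; the chain now fails at index 1.
    log.entries[1]["event"]["user"] = "mallory"
    print("first bad entry after tampering:", log.verify())
```

The chain only proves something if its head hash is periodically anchored somewhere the log writer cannot rewrite, for example signed with a key the transfer server does not hold, or copied to write-once storage; an attacker with write access to the whole log can otherwise rebuild a consistent chain. The integrity check likewise depends on the sender's digest reaching the verifier over a channel the file itself did not travel on, or inside an authenticated log entry like the one above.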
If you do not meet the requirements of GDPR, the penalties are severe and can affect the operation of your business. Failure to comply with the GDPR can result in administrative fines of up to €20 million or 4% of worldwide annual turnover for the preceding financial year, whichever amount is greater.