GDPR-Compliant File Transfer
Perform fully compliant internal and external file transfers containing personal data
Your Challenge
You Can't Simply Bypass GDPR
General Data Protection Regulation (GDPR) affects any company that processes the personal data of European Union citizens, regardless of where the company is based. Compliance with GDPR demands security features beyond encryption provided by SFTP servers. GDPR requires IT and security teams to provide proof of compliance. If you fail to meet GDPR requirements, severe penalties can impact your business operations and reputation.
Vulnerabilities of Exposed Personal Data
The external transfer of sensitive data is a core operational business process of IT organizations. Data in transit is data at risk of interception, unauthorized access or mishandling.
Securing External Data Transfers Under GDPR
A secure and reliable Managed File Transfer (MFT) solution can be an invaluable investment for organizations that need to share sensitive information with third parties
Our Solution
Comply with Data Protection Regulations
Progress® MOVEit® is a leading Managed File Transfer application that helps your business meet relevant GDPR articles by encrypting personal data in transit and at rest. MOVEit offers DLP and antivirus integration, perimeter security, centralized access control and non-repudiation so data is only transferred between senders and receivers.
Reduce Risks of External File Transfers with Enhanced Encryption
Centralized management and multi-level protection help safeguard sensitive data from unauthorized access and mishandling by third parties.
Prove GDPR Compliance with Tamper-Evident Audit Logs
MOVEit tracks all file transfer activities including authentications and modifications to workflows in a tamper-evident database.
Avoid Costs of Non-Compliance
Meet GDPR requirements with ease and prevent your business from being hit with large financial penalties.
Your Challenges
The Seven Principles of GDPR Compliance
Your file transfer systems, which fall under the definition of processing data, must provide the following functionality in order to enable compliance with GDPR.
Care must be used when designing and implementing personal information processing activities.
Non-repudiation validates that personal data is transferred only between authorized senders and receivers. Centralized access controls safeguard user credentials, permissions and personal data.
Personal data must be secured against internal and external threats, accidental loss, destruction and damage.
Encryption of personal data in transit and at rest. Integration with security infrastructure components such as Data Loss Prevention and Anti-virus solutions.
Collection and processing should be limited to the personal data needed to achieve the stated purpose.
Comprehensive analytics that provide the required insights into transfer activities to assure on-going compliance with GDPR’s data protection principles.
Personal data collected for one purpose should not be used for a new incompatible purpose.
Cryptic scripts should be replaced with a forms-based solution that provides a standardised, secure and documented record of data transfer tasks.
Compliance with the Data Protection Principles must be documented.
Automated log collection in one centralized location. Audit logs should be tamper-evident in order to be trusted for accuracy.
All reasonable steps must be taken to ensure that personal data is accurate.
Automatic file integrity checking validates that a file has not been altered.
Personal data should not be stored longer than necessary for the stated purpose.
The system should provide for pre- and post-transfer tasks including the scheduled deletion of personal data files.
