GDPR AND FILE TRANSFER
- Data retention policies
- Secure data transfer protocols
- Encryption of data at rest
- Detailed auditing and reporting
- Authentication and access control options
- High availability / disaster recovery
- Integrate with AV and DLP tools
- Controlled platform for ad-hoc sharing/collaboration
GDPR COMPLIANCE WITH EFT ENTERPRISE
Secure protocols to protect data in transit
Robust authentication to control who can access data, plus optional multifactor authentication
Full audit log to trace data
Encryption options for protecting data at rest, including OpenPGP
Optional secure data wiping, otherwise known as data sanitising
Local-managed or AD-managed access controls over what data can be accessed
Automated, scheduled clean-up action helps comply with storage-retention requirements
User account information is always stored encrypted
ADDITIONAL EFT MODULES FOR GDPR
Workspaces vs shadow IT
Workspaces for EFT makes it easy for end users to share files of virtually any kind via any web browser, allowing others to access, upload, and download folders and files. Employees can share files in a way that they have become use to, but in a secure way, with enhanced governance and visibility of your data. With Workspaces for EFT you can:
- Empower your end users with secure file sharing between employees and external partners
- Retain full control and visibility of your data
- Integrate with Outlook for person-to-person file transfers
- Securely send files from your browser
- Generate reports on file transfer activity
Content Integrity Control module (CIC)
Due to this architecture, upstream or downstream processes need to exist to determine whether files that are processed through EFT contain personal data, including controls that would allow or disallow processing of that data.
EFT’s optional support for the ICAP protocol allows it to side-channel files that are being received or that are about to be processed, allowing a third-party system to examine and flag those files accordingly (disallowing further processing), or even modifying their content, including replacing personal or other sensitive data with alternate content.
Auditing & Reporting Module (ARM)
Under GDPR Article 30, you have a responsibility to log and report data transfers that include personally identifiable data. ARM provides access to a full range of pre-configured reports, meaning you can evidence which users sent and received which data. Combining this with the additional Insight module will deliver customised reporting, real-time monitoring and track SLAs against your data movement.
High Security Module (HSM)
The following technical top tips and guides are useful resources to support GDPR compliance with EFT Server.