GDPR affects all companies that process the personal data of citizens of the European Union, regardless of where the company is located. Compliance with the GDPR requires security features that range well beyond the encryption provided by SFTP servers. GDPR requires IT and security teams to provide proof of compliance. If you do not meet the requirements of GDPR, the penalties are severe and can affect the operation of your business.
The external transfer of sensitive data is a core operational business process of IT organizations. Data in transit is data at risk of interception, unauthorized access or mishandling.
A secure and reliable Managed File Transfer (MFT) solution can prove an invaluable investment for an organization that needs to share sensitive information with third parties
Progress MOVEit is the leading managed file transfer application that helps meet the relevant articles introduced by GDPR with its ability to encrypt personal data both in transfer and at rest. MOVEit offers non-repudiation to ensure that data is only transferred between senders and receivers, DLP and Anti-Virus integration, perimeter security and centralized access control.
Centralized management and multi-level protection safeguard sensitive data from unauthorized access and mishandling by third parties.
MOVEit tracks all file transfer activities including authentications and modifications to workflows in a tamper-evident database.
Effortlessly meet GDPR requirements and prevent your business from being hit with a €20 million penalty or greater.
Your file transfer systems, which fall under the definition of processing data, must provide the following functionality in order to enable compliance with GDPR.
Non-repudiation validates that personal data is transferred only between authorized senders and receivers. Centralized access controls safeguard user credentials, permissions and personal data.
Encryption of personal data in transit and at rest. Integration with security infrastructure components such as Data Loss Prevention and Anti-virus solutions.
Comprehensive analytics that provide the required insights into transfer activities to assure on-going compliance with GDPR’s data protection principles.
Cryptic scripts should be replaced with a forms-based solution that provides a standardised, secure and documented record of data transfer tasks.
Automated log collection in one centralized location. Audit logs should be tamper-evident in order to be trusted for accuracy.
Automatic file integrity checking validates that a file has not been altered.
The system should provide for pre- and post-transfer tasks including the scheduled deletion of personal data files.