Cryptshare can be an important component in a company's software landscape for GDPR compliance. GDPR covers a large number of requirements, many more than the Cryptshare intersections listed below.
How does Cryptshare help you become GDPR compliant?
With Cryptshare you can fulfill central requirements of the GDPR:
- Encrypted data transfer to the recipient is possible
- Ad-hoc use
- Metadata is also encrypted
- Limited storage time of the files on the server is configurable by client
- "Data cemeteries" are avoided
- Transfer of all file formats possible
- Globally used means of transport by e-mail and universal use of browsers give access to all
- Protective e-mail classification regulates the security settings for users in the enterprise
- Central management of policy settings brings IT compliance
- Highly secure encryption is used at times
- Protection of the transferred files, in the case of a wrongly selected recipient. Only the correct recipient knows the agreed password.
- Analysis by external DLP solution possible before or after data upload (reverse proxy server / pre-processing) meaning your DLP rules are applied.
- Operation of Cryptshare is possible on premises or as a cloud service. The customer decides.
- A contract for order processing between you and us is not required when operating Cryptshare in your own DMZ.
GDPR compliant e-mail with Outlook
A short GDPR, obligations and opportunities
The General Data Protection Regulation GDPR enters EU law on May 25th, 2018. The European Union (EU) has for a long time seen data privacy as an important issue and has worked to create unified legislation protecting the interests of all citizens of the EU whose data may be held inside or outside the EU. Whilst not entirely new legislation in the latest form it does include some significant new provisions with far reaching impact to companies worldwide.
Several new terms will require careful consideration by all organisations and we conclude several things having talked to representatives of the EU, to our customers and to customers of other technology vendors, in the USA, EU and APAC. These are that:
Most organisations have implemented some of the protections they need, but few have covered all bases. There is work to be done.
Non-EU based companies have much more to do and may be more vulnerable under scrutiny. It is time to catch up.
Technology is key to solving the issues, but soft requirements (people and behaviour) cannot be ignored. Few organisations have allocated sufficient money or time to handle these new demands.
Using established technology such as e-mail, having solved known issues of large file handling and security first, brings quick wins. Why? You can implement this fast and place a known solution in front of all users for a far more predictable outcome.
This may be a great time to get rid of some legacy technology and replace it with more modern, cheaper, more focussed solutions that do what you need and don’t cost a fortune for what you do not need.
- Replace FTP, SFTP, S/Mime and PGP
- Prohibit Shadow IT solutions, private Dropbox, uSend IT etc.
Severe penalties up to 4% of global annual turnover will galvanise actions, but this is leading to a feeding frenzy by vendors making unjustifiable claims about their “unique” approach. You need to clear away the smoke!
Some headlines of the GDPR and what has changed?
The objective of the GDPR is to protect the data privacy of all EU citizens in an increasingly data orientated world.
Some new provisions include:
Today, companies are confronted with an ever-increasing volume of electronic communication. Messages and files containing sensitive information need to be exchanged securely and conveniently around the globe.
Consumer platforms and apps, mostly financed through collection of data and advertising, steadily grow and extend their reach.
Meanwhile, organisations see themselves confronted with multiple challenges and threats: Criminals, competitors, and foreign governments want to get hold of their sensitive data.
These are that:
- Most organisations have implemented some of the protections they need, but few have covered all bases. There is work to be done.
- Technology is key to solving the issues, but soft requirements (people and behaviour) cannot be ignored. Few organisations have allocated sufficient money or time to handle these new demands.
- Use established technology such as e-mail, but solve known issues of large file handling and security first. Why? You can implement this fast and place a known solution in front of all users for a far more predictable win.
- Non-EU based companies have much more to do and may be more vulnerable under scrutiny. Time to catch up.
- This may be a great time to get rid of some legacy technology and replace it with more modern, cheaper, more focussed solutions that do what you need and don’t cost a fortune for what you do not need.
- Severe penalties will galvanise actions, but this is leading to a feeding frenzy by vendors making unjustifiable claims about their “unique” approach. The mirrors are everywhere and the smoke is thick.
GDPR Compliance - The latest changes
GDPR Compliance, a practical guide to getting on top of the latest changes to requirements with some suggestions of quick technological wins for your enterprise.
Table of contents:
- Management summary and conclusions
- What are the aims of the GDPR and what has changed?
- Data Subject Rights
- Privacy by Design
- Data Protection Officers (DPO)
- Some headlines of GDPR rules
- How prepared are organisations for these changes?
- What is the Scope of the regulation?
- What kind of data is included?
- What is meant by a one-stop-shop?
- Who is responsible and how are they held accountable?
- What about consent?
- What is the role of the Data Protection Officer?
- So what about technology to help handle these new demands?