Cryptshare can be an important component in a company's software landscape for achieving GDPR compliance. The GDPR covers a large number of requirements, many more than the Cryptshare intersections listed below.
Central requirements of the GDPR you can fulfill with Cryptshare
- Limited storage time of the files on the server is configurable by client
- "Data cemeteries" are avoided
- Protective email classification regulates the security settings for users in the enterprise
- Central management of policy settings brings IT compliance
- Highly secure encryption is used at times
- Protection of the transferred files, in the case of a wrongly selected recipient. Only the correct recipient knows the agreed password.
- Analysis by an external DLP solution is possible before or after data upload (reverse proxy server / pre-processing), meaning your DLP rules are applied.
A short GDPR, obligations and opportunities
The General Data Protection Regulation (GDPR) entered EU law on May 25th, 2018. The European Union (EU) has long seen data privacy as an important issue and has worked to create unified legislation protecting the interests of all citizens of the EU whose data may be held inside or outside the EU. Whilst not entirely new legislation, in its latest form it does include some significant new provisions with far-reaching impact on companies worldwide.
Several new terms will require careful consideration by all organisations, and we conclude several things having talked to representatives of the EU, to our customers and to customers of other technology vendors, in the USA, EU and APAC. These are that:
Most organisations have implemented some of the protections they need, but few have covered all bases. There is work to be done.
Technology is key to solving the issues, but soft requirements (people and behaviour) cannot be ignored. Few organisations have allocated sufficient money or time to handle these new demands.
This may be a great time to get rid of some legacy technology and replace it with more modern, cheaper, more focussed solutions that do what you need and don’t cost a fortune for what you do not need.
- Replace FTP, SFTP, S/MIME and PGP
- Prohibit Shadow IT solutions, private Dropbox, uSend IT etc.
Some headlines of the GDPR and what has changed?
The objective of the GDPR is to protect the data privacy of all EU citizens in an increasingly data-orientated world.
Some new provisions include:
Today, companies are confronted with an ever-increasing volume of electronic communication. Messages and files containing sensitive information need to be exchanged securely and conveniently around the globe.
Consumer platforms and apps, mostly financed through collection of data and advertising, steadily grow and extend their reach.
Meanwhile, organisations see themselves confronted with multiple challenges and threats: Criminals, competitors, and foreign governments want to get hold of their sensitive data.
These are that:
- Most organisations have implemented some of the protections they need, but few have covered all bases. There is work to be done.
- Technology is key to solving the issues, but soft requirements (people and behaviour) cannot be ignored. Few organisations have allocated sufficient money or time to handle these new demands.
- Use established technology such as email, but solve known issues of large file handling and security first. Why? You can implement this fast and place a known solution in front of all users for a far more predictable win.
- Non-EU based companies have much more to do and may be more vulnerable under scrutiny. Time to catch up.
- This may be a great time to get rid of some legacy technology and replace it with more modern, cheaper, more focussed solutions that do what you need and don’t cost a fortune for what you do not need.
- Severe penalties will galvanise actions, but this is leading to a feeding frenzy by vendors making unjustifiable claims about their “unique” approach. The mirrors are everywhere and the smoke is thick.