How to become GDPR compliant

You are not completely GDPR compliant yet? It is not too late to act!
Fulfill 6 requirements of the GDPR with Cryptshare.


Cryptshare can be an important component of a company's software landscape on the way to GDPR compliance. The GDPR covers a large number of requirements, far more than the intersections with Cryptshare listed below, so the product addresses part of the compliance picture, not all of it.


Central requirements of the GDPR you can fulfill with Cryptshare

Right of access by the data subject and right to rectification using Cryptshare

  • Data can be transferred to the recipient in encrypted form
  • Ad-hoc use, without prior setup on the recipient's side
  • Metadata is encrypted as well, not only the file contents

Right to be forgotten / data clean-up rules

  • The retention time of files on the server is limited and configurable by the customer
  • "Data cemeteries" (forgotten copies that accumulate on servers and are never deleted) are avoided

Right to data portability and Cryptshare

  • All file formats can be transferred
  • Transport via email and a standard web browser, both universally available, means every recipient can access the data without special software

A high level of data protection settings, including those for outgoing emails

  • Protective email classification determines the security settings applied to users in the enterprise
  • Centrally managed policy settings support IT compliance
  • Strong encryption is used for the transfers

Data Loss Prevention (DLP)

  • Transferred files stay protected even if the wrong recipient is selected: only the intended recipient knows the password agreed with the sender, so a mis-addressed transfer cannot be opened.
  • Analysis by an external DLP solution is possible before or after the data upload (reverse proxy server / pre-processing), so your existing DLP rules are applied to Cryptshare transfers.

Cloud services and data processing on behalf of a controller (data processing agreement)

  • Cryptshare can be operated on premise or as a cloud service. The customer decides.
  • A data processing agreement between you and us is not required when you operate Cryptshare on premise in your own DMZ, since no third party then processes the data on your behalf.

The GDPR in short: obligations and opportunities

The General Data Protection Regulation (GDPR) became applicable across the EU on May 25th, 2018. The European Union has for a long time seen data privacy as an important issue and has worked to create unified legislation protecting the interests of all citizens of the EU whose data may be held inside or outside the EU. While it is not entirely new legislation, the latest form does include some significant new provisions with far-reaching impact on companies worldwide.

Several new terms will require careful consideration by all organisations. Having talked to representatives of the EU, to our customers and to customers of other technology vendors in the USA, the EU and APAC, we conclude the following:

  • Most organisations have implemented some of the protections they need, but few have covered all bases. There is work to be done.
  • Non-EU based companies have much more to do and may be more vulnerable under scrutiny. It is time to catch up.
  • Technology is key to solving the issues, but soft requirements (people and behaviour) cannot be ignored. Few organisations have allocated sufficient money or time to handle these new demands.
  • Use established technology such as email, but solve the known issues of large file handling and security first. Why? You can implement this fast and place a known solution in front of all users for a far more predictable outcome.
  • This may be a great time to get rid of some legacy technology and replace it with more modern, cheaper, more focussed solutions that do what you need and don't cost a fortune for what you do not need. For example:
      • Replace FTP, SFTP, S/MIME and PGP
      • Prohibit shadow IT solutions such as private Dropbox, uSend IT etc.

Severe penalties of up to 4% of global annual turnover (or EUR 20 million, whichever is higher) will galvanise action, but this is also leading to a feeding frenzy of vendors making unjustifiable claims about their "unique" approach. You need to clear away the smoke.

Some headlines of the GDPR: what has changed?

The objective of the GDPR is to protect the data privacy of all EU citizens in an increasingly data-orientated world.

The European Union has for a long time seen data privacy as an important issue and has worked hard to create unified legislation to protect the interests of all citizens of the EU whose data may be held, for one reason or another, inside or outside the EU.

This is of course not entirely new legislation, the original working drafts dating back to 1995; however, in its latest form it does include some significant new provisions with far-reaching impact.

