GDPR will grant consumers more rights over the use of their personal data by third parties. This means that companies, authorities and organisations must design their organisational processes accordingly by 25 May 2018. In a previous contribution from April 2017, we provided answers to fundamental questions regarding GDPR. Today we'll show you how Cryptshare can help you meet those requirements.
The key for secure data transmission: Encryption
Personal data must be protected. This is the main concern of GDPR. Within the company itself, this is often quite easy to implement by granting only certain persons or groups of people access to systems or data areas. However, how do companies prevent personal data from being viewed by unauthorized parties when exchanging data with external communication partners, for example after it has left the digital outbox and before it reaches the recipient? Digital corporate communication takes place almost exclusively via e-mail and, like a postcard, an e-mail can be read, changed or withheld on the way to its destination. Not if it is transmitted in encrypted form.
Cryptshare encrypts every file transfer with a password. The sender can decide whether the system should assign a password automatically or whether to choose one themselves. In this way, personal data is transferred safely from the sender to the recipient.
Right to information and right to correction
The GDPR gives consumers the right to know from companies what data they have collected about them and to correct it in case of discrepancies. In order for companies to be able to provide their customers with information, they must provide them with the data collected.
With Cryptshare, encrypted file transfer is even possible in an ad-hoc manner. This means that no user accounts need to be set up. The recipient needs nothing more than a standard web browser to receive the sensitive data. Even metadata such as the subject line can be encrypted with Cryptshare.
Right to be forgotten / Data cleansing rules
The GDPR grants consumers the 'right to be forgotten', i.e. data subjects can revoke their consent to the processing of the data collected about them. Companies must then delete this personal data immediately.
Since the transfer of information with Cryptshare takes place via the Cryptshare server and only limited retention periods are allowed there, the files disappear automatically from the server after the maximum retention period has expired. The retention period is individually adjustable by the administrator and can be set to 24 hours or even up to six weeks. This not only avoids 'data cemeteries' but also saves storage resources.
As of the end of May 2018, consumers can insist on receiving their personal data in a 'structured, commonly used and machine-readable format' and can request the transfer of their data from one company to another.
Cryptshare transports all file formats securely from company to consumer or from company to company. The data volume is irrelevant.
The medium for communication is the established e-mail technology.
High level of data protection due to privacy-friendly default setting
The General Data Protection Regulation requires that personal data may only be made available to employees who need it for further processing. Companies achieve this through appropriate organisational and technical measures such as the classification of data.
With the Cryptshare protective e-mail classification, employees have an intuitive tool at their fingertips. It is state of the art. Delivery rules for the protection classes are set by the administrator according to the company's compliance standards. The data protection-friendly default settings of the classification levels prevent accidentally sending sensitive information to the wrong recipient and unauthorized access to personal data.
Data Loss Prevention (DLP)
Companies can expect high penalties for misconduct, whether intentional or unintentional: payments of up to 4% of annual revenue must be made if personal data falls into unauthorized hands.
Cryptshare protects transferred files in case of mistakenly selected recipients. Only the right recipient knows the agreed password. In addition, Cryptshare allows analysis by external DLP solutions before or after data upload.
Cloud Services & Data Processors
Third party data processing occurs when data is hosted in the cloud. In this case, GDPR demands so-called 'order data processing' and makes the company and its external service providers responsible for the data and handling it with care.
With Cryptshare, you don't have to worry about 'order data processing'. Cryptshare can be operated in your own DMZ, which could be on your own server for example. This means that all personal data, even when exchanged externally, remains in your own company.
The GDPR goes into effect and the requirements of the new data protection rules are complex. Companies are well-advised to coordinate their workflows as quickly as possible in order to avoid any penalties and damage to their reputation.
Cryptshare is an important building block in a company's software landscape to attain compliance with GDPR. In addition, special attention should also be paid to raising awareness amongst employees in dealing with confidential data.
Try Cryptshare 21 days free of charge and discover how our solution can help you with secure e-mail communication.