White Paper: GDPR compliant file sharing
How many of your valuable digital assets have been shared with colleagues and partners this week?
Do you know WHO sent WHAT file to WHICH company or WHY they sent it?
If you can’t answer these 2 simple questions with 100% certainty, the way you share files is unlikely to be compliant and you are leaving your organisation vulnerable.
When the need to share files arises, what route does your team follow? Royal Mail can handle any size of package but takes a while. E-mail is fast and provides a trackable record, but it has size and security limitations. So many people are now turning to solutions such as Dropbox and WeTransfer. Some may be free, but are they GDPR compliant?
A recent survey shows that 80% of risky file sharing incidents were the result of accidental information sharing by employees. The blame for this lies largely on the shoulders of managers who have not put in place any file sharing guidelines and a GDPR compliant file sharing solution. If your organisation is guilty of this, just follow these 3 simple steps…
- Develop a corporate information sharing policy – Who is allowed to see what?
Once information has been shared it can’t be reversed or changed. This lack of control makes it vital that the sharing is accurate and appropriate. Mistakes can lead to the loss or inappropriate sharing of business-critical documents, the risk of privacy breaches and exposure of sensitive information.
Dramatically reduce this risk by creating an easy-to-understand set of guidelines which lay out what type of information should be accessible to different levels of staff and individual departments. Ensure you also specify what type of individuals outside the organisation can be sent different types of information. You will need to review this on a regular basis to ensure that it correctly reflects any changes in GDPR legislation.
- Decide on a file sharing mechanism – How should files be sent?
Too often individuals use free file sharing solutions, which causes a number of issues for the organisation. Multiple individuals accessing unapproved solutions increases the risk of malware infection and hacking, as well as posing additional risks if the software is not GDPR compliant, e.g. not using file encryption. With no central audit reports, alerts or user logs, there is a lack of control, with no visibility for the management team and no staff accountability.
A single file sharing solution should be used across the organisation with individual users attached to an overarching corporate account. This will enable the management team to ensure full GDPR compliance, where the right individuals will be given access to their respective files. In addition, the organisation will have a central overview of what files are shared by which team member and with whom.
- Educate the team – Is everyone in the loop?
You can pay for a fabulous solution and devise a foolproof policy, but it will only work if the team are fully informed on what they can and can’t share and how to access and use the software.
The sharing policy needs to be explained to the existing team and become a part of the welcome pack for new employees, along with a simple user guide for your chosen file sharing solution. Run regular GDPR awareness sessions to keep employees up to date with current data sharing regulations and the risks involved if the policy isn’t followed.
File sharing is a necessary process for most organisations to facilitate increased collaboration and productivity. So, don’t try to resist it. Get in touch with our experienced team and find out how we can help you to achieve GDPR compliant file sharing.