by CData Arc Marketing | May 20, 2020

How CData Arc Ensures GDPR-Compliant File Transfer

Arc illustration

The General Data Protection Regulation (GDPR) is a set of rules designed to give citizens of the European Union greater control over their personal data and their data transfers. GDPR also requires businesses to ensure personal data remains private and to notify customers of any data breaches.

While GDPR applies to EU residents, similar data protection measures are proliferating worldwide. The United States alone has introduced a patchwork of state-by-state data privacy regulations, including the California Consumer Privacy Act (CCPA), the New York Consumer Privacy Act (NYPA), the Minnesota Government Data Practices Act, and others.

When organizations consider data security, they usually think about data stored in data warehouses or applications. They often overlook security for _data in motion, _or file transfer governance, a vital component of data governance. GDPR data transfer mechanisms play an important role in GDPR compliance.

While a number of file transfer protocols are available to secure data in motion, including FTPS or SFTP, standalone file transfer clients using individual protocols are limited, ad hoc solutions that create scattered processes.

CData Arc Managed File Transfer (MFT) solves these problems with a centralized solution and built-in advanced security mechanisms to help ensure GDPR-compliant file transfers.

Using CData Arc's MFT capabilities, you can manage all your file transfers in one place to gain complete visibility into your data movements — while automating compliance with data governance policies across your organization. Full control over where your MFT application runs, whether on-premise or in the cloud, further improves data security.

Key data governance capabilities for data-in-motion include:

  • Advanced encryption of data in transit and at rest with certificates and signing
  • Verification of message receipt for non-repudiation
  • Detailed audit logs that enable you to trace all movements of sensitive data
  • Secure connections for transferring sensitive data
  • Strong key management that remains in your control
  • Centralized control and management of file transfers

How CData Arc MFT Addresses GDPR File Transfer Rules

With its data governance capabilities for file transfer, CData Arc enables your organization to address a number of critical GDPR requirements.

Security for Personal Data

GDPR requires data controllers — who determine the reason for data usage and are responsible for the procedures surrounding it — to ensure the security of any personal data they process and to demonstrate compliance with security requirements.

CData Arc offers several popular encryption technologies, including OpenPGP and AES, to encrypt data at rest or in motion. At the same time, you remain in full control of where files are stored and who can access them. Audit logs enable you to document and prove compliance with data security requirements.

Providing Customers with Copies of Their Data

Under GDPR rules, EU citizens are empowered to request a copy of their personal data or ask you to transfer their personal data to another company.

You can automate the process of transferring personal data at your customers' request, using CData Arc. You simply create a data request form with CData Arc's Form Connector, and when a user requests a copy of their data, CData Arc can encrypt and send the requested information to that user through secure email or using a secure file transfer protocol, such as SFTP or FTPS. The entire GDPR file transfer process can be quickly automated in CData Arc's Flow designer.

Data Privacy and Protection

Your organization must be able to provide a reasonable level of data protection and privacy in order to comply with GDPR.

CData Arc provides you full control over where your file transfer server runs and which users may access it. You control all data protection and privacy settings within the application itself and on the servers where you install it, as well as the protocols used to send and receive data.

Maintain Records of Data Processing

To comply with GDPR, your organization must maintain records of data processing activities, including the type of data processed and the purposes for which it's used.

CData Arc delivers detailed audit trails and logging, giving you a complete, closed-loop history of how each message was processed. You retain complete control over the level of detail the logs save, how long the logs are kept, and how and when logs are archived.

Implement Security Appropriate to Risk

Whether your organization gathers data (acts as the data controller) or processes data on behalf of the data controller (acts as the data processor), you must implement appropriate technical and organizational measures to maintain a level of security appropriate to your risk level.

CData Arc has published an MFT security practices guide to provide your administrators more information about core MFT security measures.

A Data Protection Officer to Monitor Compliance

GDPR requires you to assign a Data Protection Officer to monitor your compliance.

Your CData Arc administrator will take on this responsibility. He or she can use CData Arc's notification and monitoring capabilities, along with robust APIs, to ensure compliance with GDPR file transfer rules and manage the application — all from a single location.

Download CData Arc to Implement GDPR-Compliant Data Movement

CData Arc is a robust MFT solution built with the highest security standards in mind. It provides you with powerful tools to implement file transfer governance and comply with GDPR requirements for securing data in motion and at rest. For a first hand look at the product, please download a free trial.