The 5 W’s To Assess If Your Data Transfers And Sharing Are GDPR Compliant


Just eight weeks ago the much-anticipated GDPR legislation came into effect. Companies across Europe and further afield scrambled to seek compliance in what was portrayed as more disruptive than Y2K.

While the deadline has come and gone, it was merely the start date from which companies need to be able to demonstrate GDPR compliance, and a lot of work is still required as compliance gets embedded further into everyday business processes and operations.

GDPR is not intended to act as a roadblock for business but rather to encourage businesses to drive transparency for data use and governance. It shifts how organisations have been approaching client data and aims to put the customer back at the forefront.

You May Have Updated Your Privacy Policy, But It’s Not Enough!

Wizuda’s 5 W’s aim to help you evaluate the where, what, who, why and when of your data transfers and file sharing operations. For example, you can use them to assess whether your email processes are GDPR compliant.

1. WHAT?

First you need to understand – What personal data do you process and store, and does it include special categories of data?

 

2. WHERE?

Next, you must know – Where is your data coming from? Where is it being stored? Where is it transferred to? This should be considered both internally within your organisation and externally to third parties and so on. Is it being transferred outside of the EEA and, if so, are appropriate safeguards in place, such as BCR, model contracts, etc.?

 

3. WHO?

Then you need to look at – Who has access to this data? Who is it being shared with? Be sure to look at your entire supply chain, e.g. internal departments, 3rd party data processors, etc.

 

4. WHY?

The next step is to understand – Why do those with access to this data have access? What is the legal basis for them having access, e.g. is it for legitimate business purposes? Should this data be transferred or shared with them? Have the appropriate technical and organisational measures been applied, e.g. data encryption, data minimisation?

 

5. WHEN?

And finally, you need to review – When were these transfers and data sharing arrangements authorised? Are they still valid? Have you got the right technical solutions in place that give you a full audit trail of your organisation’s file sharing and data transfer activities, including the authorisation workflow history for your compliance reporting?

 

Once you have assessed the 5 W’s of data transfers within your organisation, you will need to consider what your next steps should be. There will be many actions you will need to take to address compliance. Remember, the GDPR is a regulation, and if you are found to be non-compliant you risk significant fines.

To learn more about Wizuda’s GDPR Compliant solutions, visit https://wizuda.com/gdpr/

The Challenge

The board of a multinational medical device organisation required a secure, cloud-based solution which facilitated virtual board member collaboration on key documents in preparation for monthly board meetings.

The documentation was regularly of a highly commercially sensitive nature, largely relating to ongoing clinical trials, and as such demanded a secure and encrypted platform which could be implemented without the engagement of internal IT resources.

Key challenges that need to be considered:

  • Geographically dispersed stakeholders
  • Highly commercially sensitive documentation
  • No internal IT involvement
  • Multiple stakeholders required to collaborate on single documents

The Solution

Wizuda MFT gave them a centralised view of all their file transfer activities and a network overview of the data flows. IT now had instantly available reporting and could provide geographic maps and network overviews to senior management of all file transfer activities in the organisation. These could also be categorised in ways that made sense for the business from a priorities perspective. Wizuda’s unique ‘Health Check’ dashboard with automated monitoring and alerts, allowed them to manage all transfer operations proactively and ensured they were always on top of any issues.

From a GDPR compliance perspective, transfers could be linked to Data Protection Impact Assessments where required, and data could be anonymised as part of the transfer process. Wizuda MFT enabled them to apply the latest security protocols for file transfers and encrypt data at rest and in transit. Passing cyber-security and GDPR compliance audits became a lot easier.

About Wizuda

Developing IT Solutions to Make Businesses Better

At Wizuda we focus on developing IT solutions which help businesses grow and empower people to collaborate and stay connected securely and compliantly. Specialists in secure data transfer since 2001, all development and support operations are carried out from our two Irish offices located in Dublin (Wizuda Headquarters) and Limerick. We pride ourselves in developing software solutions that allow organisations to take back control of their file transfer and data sharing operations, enabling them to operate efficiently, securely and compliantly.
