Should staff be using free cloud based transfer apps to send data files?

In short. No.

Often these applications are used outside the scope of the IT department and those responsible for IT security and GDPR compliance within an organisation.

The market leading platform, was designed out of the need to send large files which could not be transferred by email, due to email’s limitation on file sizes, which is often set to 10MB.

Such platforms were designed to transfer large artwork or creative files, as the nature of these files is that they are often in excess of 10MB. However, they are not really supposed to be used for transferring data files, containing personal data.

Under Article 5 of GDPR, there is an onus on businesses to protect any data that they are processing. Processing includes the transfer of data according to Article 4.

So when sending data files through a file transfer platform, at the very least there should be some authentication of the recipient and there should at the very least be password protection.

Other questions to consider include:

  • Is there any authentication of users?
  • Are there passwords?
  • Are the passwords strong and secure?
  • Where does the data reside?
  • Is it encrypted at rest?
  • How long is data retained?
  • Is there a record of the transfer?
  • Does anyone in the organisation have a view of who is sending what, where?

When using free transfer applications, most of the answers to the above are no.

If you want to look at secure file transfer, then take a look at dataXchange

Telephone 0345 121 2280
Company Reg 358 9570
VAT Number 7177759 90