GDPR Compliance for Secure File Transfers
We Help You Protect EU Citizens’ and Residents’ Personal Data
Encryption
By encrypting all files in transit and at rest, Thru keeps your users’ personal information protected. In addition, the risk that unauthorized employees can access this data is reduced.
Consent
Administrators can require user agreements before sending or receiving files to help you remain GDPR compliant.
Right to be Forgotten
Users can request removal of personal information in Thru.
FAQs
What is GDPR?
The General Data Protection Regulation (GDPR) was created to better protect the personal data of EU citizens and residents. It was approved by the EU Parliament on April 14, 2016 and went into effect on May 25, 2018.
Who has to comply with GDPR?
GDPR applies to any company or entity that either:
- Processes personal data at one of its branches in the EU, or
- Is established outside the EU but offers goods or services or monitors the behavior of individuals in the EU.
For more information about whether GDPR applies to your company, refer to the official website of the European Union »
What is the difference between a data controller and a data processor?
A data controller is “a legal or natural person” (a person, an agency, a public authority, etc.) who decides what personal data will be used for and how to process it. A data processor is “a legal or natural person” who processes personal data for a data controller.
For example, if a retailer signs a contract with a payroll company to pay its employees, the retailer will provide information about the employees’ salaries, pay frequency and bank accounts. The payroll company stores that data and uses it to fulfill the contract. The retailer is the data controller and the payroll company is the data processor.
See the official definitions on gdpreu.org »
What do I need to do to be GDPR compliant?
To ensure full GDPR compliance, it is best to consult legal counsel. Here are a few general tips:
- Sending personal data over regular email is not GDPR compliant
- Using FTP to send personal data is not GDPR compliant
- Breaches must be reported within 72 hours to the data protection authorities
- Have a GDPR plan by reviewing your data transfer methods
- Appoint a Data Protection Officer
- Demonstrate that measures have been taken to secure data
Thru’s Commitment to GDPR
- Data Protection: We implement robust security measures to protect your personal data from unauthorized access, alteration or destruction.
- Transparency: We clearly communicate how we collect, process and store your data.
- User Rights: We respect and uphold your rights as a data subject, including the right to access, correct and erase your personal data.
- Data Minimization: We only collect and process data that is necessary for the provision of our services.
- Consent Management: We ensure that we have appropriate legal bases for processing your data, including obtaining consent where required.
- Data Processing Agreements: We maintain GDPR-compliant Data Processing Agreements with our sub-processors and clients.
- Breach Notification: We have procedures in place to detect, report and investigate personal data breaches.
For more information about our GDPR compliance or to exercise your data subject rights, please contact our Data Protection Officer »
The GDPR Data Processing Agreement is available on the Trust Center »
Secure File Transfer Overview
There is more to security than compliance. Learn about other measures Thru takes to ensure security.