Using FTP to transfer and receive data files?

Aside from using email (which has its’ own issues), using File Transfer Protocol (FTP) to transfer data is still one of the most widely used mechanisms.

FTP was not designed to be secure and so if you are using FTP, we would advise that you stop now. More recently, people have been using secure FTP, which is much better but still presents a number of issues when it comes to complying with GDPR.

Firstly, they can be tricky to set up and involve technical input from your IT department. Aside from the overhead in setting them up, the operation of them can be fairly clunky.

Even when using secure FTP, the data is not necessarily encrypted or protected when the data is at rest. This obviously is a vulnerability that needs to be addressed. So if you are using secure FTP, check the status of your data when it is at rest.

Another aspect of FTP, is data retention and data deletion. If your FTP is not actively managed, then data could sit there indefinitely. GDPR requires that you only hold data for as long as necessary and so holding data indefinitely on an FTP, would be a data breach. Furthermore, if data is held on old servers they could become vulnerable to attack.

Finally, we believe that you should know who has transferred data where, when and how. A central audit trail is the best way to do this and would be seen as good data governance.

dataXchange not only enables you to transfer data securely, but eliminates all of the above issues.

Telephone 0345 121 2280
Email support@dataxchange.eu
Company Reg 358 9570
VAT Number 7177759 90