You have to handle other people’s things carefully, that is what I have always been taught. For example, if you destroy or lose borrowed garden items from the neighbor, the relationship could be severely disturbed. So, pay attention. I expect the same from others. This attitude is not always taken for granted by companies and institutions. Of course they do not ask me for my lawn mower. But they do ask me for something even more important: my personal data. And they often do that in a way that is very unsafe, namely via their website.
Unsafe upload of personal data
In recent months I have left my name, date of birth, address, credit card details or citizen service number with an airline company, various web shops and the municipality. Of course the URL’s of the sites where I left my information all had the security lock with https in front of it, but we all know that this does not mean much when it comes to data security. And no, my data has not yet been misused, but I keep having the feeling that this is probably just a matter of time. It must be possible to do it in another way! In fact, thanks to the GDPR it must be done different!
What does work?
There are companies and municipalities that dó understand that you have to deal with data from citizens as safely as possible. They try to minimize the online risks by allowing the uploading and downloading of data via a secured portal. For this they use FileCap, a file server that is hosted locally, encrypts all data and uses a secure connection to send data. Customers or citizens fill in their e-mail address on the site and after confirmation via a link in the e-mail they enter the FileCap portal. This is where the data can be uploaded safely. The advantage is that the information can not be intercepted unencrypted (or that it is read by miscreants). This safe and very user friendly file-transfer-tool is completely GDPR-compliant.
Of course it takes time before all companies and organizations use a safe file share environment. Until then, it is important to think about with whom and especially hów you share your personal data with third parties. It is not unreasonable, but rather wise, to ask companies whether you can send the required information to them in a safe way. Hopefully, it will bring about a consciousness that the GDPR not only applies to privacy-sensitive data that they possess. It also applies to the way these are forwarded to companies.
Thomas Calf, Account manager at Contec BV