Since the dawn of the digital age, organizational data and information have become among the most valuable corporate assets, and among the largest liabilities as more governments have enacted laws to better protect data privacy. For example, GDPR is forcing more and more businesses to take data protection seriously or face tough financial consequences. But lack of effective data protection technology is making compliance with GDPR and other regulations harder and costlier.
The first challenge of compliance is to monitor the files that contain the regulated data. Files get moved around often and leave copies everywhere they reside, and each copy of the file becomes an independent compliance target. This means the number of regulated files multiplies every day and those files become harder and harder to track.
UDS’s ability to attach an APFX file with unique compliance tags for all copies of the same file makes it possible to provide a complete picture of all files that fall under the regulations. Because UDS enforces access control with the exact criteria to all copies of the same file, they may count as a single copy.
Knowing how much data exits is the first step, controlling the data growth is one step further, but stopping a data breach is the endgame – and UDS brings it to the finish line. UDS encrypts data at rest and in transit using one of toughest methods ever engineered, and includes a unique compliance module that provides a unified access control that surpasses all other access management facilities.
Since all the APFX (UDS protected) files are encrypted, loss of the APFX files does NOT equal a data breach, per GDPR. UDS can also provide the access reporting to back it up. This reduces and potentially eliminates liability even if the environment has been hacked.
Thanks to its extensive tracking capabilities, logging and auditing all changes and access attempts, UDS provides a report on the entire access history for all regulated data. This report can be used as proof of compliance.
In 2019, FBI investigation records were among the three terabytes of confidential information that was exposed to the public by the Oklahoma Department of Securities. That release highlights the inherited risk of data breaches when the data are being exported outside of the original owner. The European Union has ruled that it is the owner’s responsibility to hold third parties compliant with GDPR when transferring data, and the owner should remove the data anytime that noncompliance is determined. Current technologies aren’t up to that task, which makes data transfer a significant barrier in today’s global digital economy and hampers the cooperation among partners, US companies included.
UDS is uniquely designed to provide the same levels of security and access management even post-transfer with external domain access control, an access management facility of UDS. Through external domain access control, permission can be temporarily granted to users in a different UDS domain, which can be the third party’s own UDS domain if it has the service, or the built-in companion domain and adding the third party to enable its access. After the APFX files are transferred, appropriate users at the third party can access the files as long as the permission remains. When the time comes to retract the file, the temporary permission can be revoked and the users at the third party will no longer be able to access the APFX files, even if the files are still in their possession. This feature could significantly expand the number of potential partners for data transfer while still maintaining compliance with GDPR.
This is possible because UDS only grants access permission, and never distributes passwords or keys.
Interested in learning more about how APF can help your organization’s data protection and cyber privacy needs?