Hosted~FTP~ is fully GDPR compliant. We do not collect and/or process private or personal information. We provide file transfer/storage services and ensure that all files are transmitted and stored with the most secure data security model available that addresses all the privacy concerns of the GDPR regulation.
“The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. (see link)”
The Hosted~FTP~ SaaS application has been designed to ensure that all PHI/PII, including files, login credentials and metadata (i.e. file names, folder names and field names), is transmitted and stored securely in the Amazon Web Services infrastructure. Hosted~FTP~ provides for data to be 256-bit AES encrypted in transit, on arrival and at rest.
Hosted~FTP~ implements measures that meet the necessary principles of data protection. We ensure that a very high level of data protection is designed into our file transfer and storage business processes. This includes encrypting all metadata, which is one significant step beyond the pseudonymizing of personal-data identifying fields prescribed by the GDPR guidelines.
For transfers by web browsers:
– our website is secured by HTTPS with AES 256-bit encryption (certified by the US government for top secret information)
For transfers by FTP (i.e. FTP client programs, scripts, etc.):
– we support FTPS (FTP over TLS/SSL) with AES 256-bit encryption and SFTP (see this link for a further description of the FTPS and SFTP protocols) with PKI or username/password authentication
Hosted~FTP~ encrypts the data as soon as it arrives at the Hosted~FTP~ Amazon cloud location and before any processing takes place, to ensure that the data is never unprotected. This includes all data, credentials, file names and folder names; a process that is unique to Hosted~FTP~.
The encrypted files are then securely uploaded by HTTPS to Amazon S3 cloud storage, where Amazon encrypts the files a second time before they are stored.
All Hosted~FTP~ servers are locked down completely except for the ports required to serve HTTP, HTTPS, FTP, and FTPS.
All files are fingerprinted with an MD5 hash that is stored with reference to the file. When the file (data) is retrieved, the MD5 hash is recreated and compared against the original to establish proof that there has been no tampering.
Please see this link for our security model.