Table of Contents
The term data transfer refers to all methods that transfer information from a sender (information source) to a receiver (information sink). It therefore essentially comprises the transfer of digital data and is also referred to as data or information transfer. The transfer takes place via the Internet.
Compared to a physical dispatch, the location of the sender and the recipient is not important in a digital data exchange. The data transfer can take place from anywhere and it supports both collaboration with external parties and the productivity of your own employees, because everyone involved in a project can access and edit relevant data at any time and from any location.
The term "data transfer" is also used as a fixed term in data protection law. According to Section 3, Paragraph 4, No. 3 of the German Federal Data Protection Act (BDSG), this is understood to mean "the disclosure to a third party of personal data stored or obtained through data processing in such a way that the data is passed on to the third party or the third party accesses or retrieves data held ready for inspection or retrieval". The transfer falls under the generic term of data processing.
Special measures for data transfer apply according to § 44 ff. GDPR (General Data Protection Regulation), if the recipient of the data is located outside the European Economic Area. Recent rulings of the European Court of Justice (ECJ) also deal with the framework conditions for international data transfer. According to these rulings, the so-called Privacy Shield for data transfers to the USA has been invalid since July 2020. This means that companies are no longer allowed to use the Privacy Shield as a transfer mechanism to transfer personal data to the USA in compliance with the law.
Excursus: What is behind the Privacy Shield
Behind the EU-US Privacy Shield (also called EU-US Privacy Shield) is an informal agreement negotiated between the European Union and the United States of America in 2015/2016. In July 2016, the EU Commission determined that the specifications of the Privacy Shield correspond to the level of European data protection. However, four years later this agreement was overturned by the so-called Schrems II ruling of the European Court of Justice. When data is transferred outside the EU or the European Economic Area to so-called third countries, the GDPR places special demands on data protection. And this is already the case when data is stored in a company via backup in a cloud or the software used to create a newsletter originates from the USA. However, the same also applies when data is transferred from different companies, but all belong to the same group.
Although the Schrems II ruling allows companies which in practice use particularly important EU standard data protection clauses to continue to use these clauses for the transfer of data to the USA or other third countries - but at their own responsibility. In doing so, they must check on a case-by-case basis whether an equivalent level of protection as in the EU is guaranteed for the transfer of personal data. The ECJ and the European Data Protection Committee (EDSA) thus clearly assign responsibility to the business The changed legal situation poses further challenges for companies and should therefore also influence the decision when choosing a cloud provider. If the cloud provider is based in the USA or a country outside the EU, this also has an impact on how data transfer must be carried out or whether it is even permitted.
As digitization progresses, the ability to quickly exchange large amounts of data in real time is also becoming more important. Particularly in times when people are increasingly working from home or in different locations, fast data transfer via the Internet is becoming even more important. At the same time, it creates a lot of freedom, because many activities are no longer tied to just one place, time or device.
However, digitization is also making data handling more and more extensive. Every type of personal data processing is subject to special protection and must meet high standards, especially in Germany and the EU. In order for data transfer to offer optimum benefits and legal security at the same time, issues such as access rights, control and at the same time the way in which data is exchanged must be clearly defined. After all, the most efficient and well thought-out use of digital data is the key driver and therefore a competitive advantage for companies in their digitization strategy. Here it is essential to standardize business processes, use information intelligently and increase efficiency in all processes. IT is responsible for ensuring that these processes are legally compliant and technically feasible, and for providing maximum security without compromising usability for the user.
Excursus: Dangerous Data Transfer via USB Stick
Even today, the greatest danger still lies in the careless storage of company data on a USB stick. However, what may seem practical at first glance is fraught with maximum risks. If an employee leaves a company or the stick falls into the wrong hands, it is simply no longer possible to trace where critical company or personal data ends up and what happens to it. As a result, the requirements of the GDPR can no longer be met. Companies must therefore clearly define how data can be exchanged securely both internally and externally.
Get your free full version of DRACOON with 10 users and 10 GB of highly secure cloud storage and store, send and manage your data in a secure way.
There are various options for exchanging data digitally, for example via a classic e-mail attachment, a share link, via upload to the cloud or via an FTP server. However, secure data transfer is paramount - which is why a cloud is particularly suitable for data exchange.
The requirements for data transfer have changed fundamentally in recent years. While in the beginning, a small percentage of employees were already satisfied with sending or receiving data securely as part of an ad hoc transfer, the needs grew where many employees had to work together either on different projects, locations or with external parties. While ad hoc data transfer was simply a matter of exchanging data, secure collaboration tools were required here, which, above all, based on different access rights (such as read-only rights or write and full editing rights) created opportunities for data to be edited by different groups and locations. If people involved in the process were removed, they had to be able to leave the system in real time and thus also be released from data access. With so-called Enterprise File Sync and Share Services, on the other hand, documents and files can be synchronized on various end devices, but also shared with other users. The data is stored centrally and protected in a cloud. With these EFSS systems, access is via a web browser and appropriate software or apps that are used to synchronize the integrated end devices. However, an EFFS system not only includes the basic synchronization of data with release and upload functions, but also the classic possibilities for collaboration, which ensure, for example, that data is not sent via mail attachments or that different versions of files are possible.
In order for the data transfer to be encrypted, the data must be sent encrypted. With client-side encryption, the information is already encrypted at the sender's device, remains secure on the transmission path and can only be used by an authorized recipient because only then is it decrypted again. This ensures that the information to be transmitted is protected against unauthorized access by third parties, cybercrime and industrial espionage. In particular, personal or sensitive business data should never be transmitted unsecured.
Even large volumes of data can be made available quickly and easily via the cloud by means of download sharing. Here, the sender can not only limit the number of downloads, but also generally determine how long the data should be available. Extended protection is provided by the additional assignment of a password, which is sent via a different communication channel separately from the download release, which is sent by e-mail. With the appropriate Outlook add-in, file attachments from e-mails can even be automatically converted into download shares and secured in the cloud.
Particularly when working together in a team, separate data rooms are ideal for projects. Within these data rooms, the room administrator can add further persons at any time and thus provide them with the intended access (optionally read-only, write access, etc.). All persons involved in the project are kept up to date via so-called note functions or email notifications when new files are uploaded.
Modern enterprise file services also offer a fine-grained rights system. Here it can be clearly defined which person should be granted which rights to view and edit data. Since these rights are not linked to a device but to a user, the cloud service ensures that all data is also available on all end devices with which the respective user works. If, for example, an employee leaves, one click is all it takes to delete all authorizations.
The storage of data is particularly easy on laptops or PCs. The Enterprise File Service can be integrated like a separate drive and the user simply stores his data on a virtual drive without having to change his usual behavior when storing information. In addition, the cloud can also be controlled via a web browser or app.
A reporting tool provides an insight into what happens to the data or which data has been processed when. If larger amounts of data are being drained, corresponding alerts can be generated here as well, which warn automatically.
Via API, the cloud service also serves as the central core and data storage. In this way, every connected system can access and process the required information, but it is avoided that the data is located at different points in the company. With a certified Enterprise File Service, therefore, all possibilities of internal and external electronic data exchange can be used - this ensures secure data transfer.
In the area of data transfer / data exchange, the following topics should also be considered.
Cloud-based services usually refer to Internet-based IT solutions offered by a service provider, although self-hosted cloud solutions are also conceivable.
The major advantage of a cloud is that the user doesn’t have to worry about operating the infrastructure – the provider is responsible for security, availability, maintenance, and updates. Using a cloud is therefore much more secure and cost-effective than operating your own IT infrastructure.
Collaboration tools are another form of electronic data transfer. A key feature of collaboration software is the ability to share and collaborate on documents and files. For example, a number of online collaboration tools use a central storage solution that allows project managers and administrators to specify individual access rights.
Sharing, distributing, and synchronizing files is now commonplace at many organizations. But the fact that this is often carried out using methods not approved by the IT department is a source of aggravation for IT administrators. Files the company has a vested interest in protecting are still being shared in unencrypted form using public cloud services such as Dropbox, Google Drive, and others.
This security issue became increasingly problematic over the years, prompting the research and advisory company Gartner Inc. to create a new product category in 2014 – enterprise file sync and share, or EFSS for short.
A cloud-based system for managed and secure enterprise data transfer between users, customers, and business partners requires effective encryption technology. Appropriate solutions ensure that documents and other files can be transferred and used securely.
Platform-agnostic clients make universal data transfer possible on devices of all kinds – whether via browser-based solutions or in apps on smartphones and tablets.
File sharing is a method of saving and distributing files of different sizes online.
In this context, data security plays an essential role. A modern file sharing system must use end-to-end encryption. This ensures that only the recipients and senders of files have access to the file’s contents.
New legislation such as the GDPR, authorization policies in sensitive departments, and modern working methods require companies to rethink their approach, however – enterprise file services including sync and share can be introduced parallel to the existing file server and offer numerous advantages.
Do you have questions about data transfer or would you like us to call you back? This contact form is the fastest way to reach us:
Would you like a personal conversation?
Then simply arrange an appointment with one of our experts by selecting a suitable date in the calendar here.