Why it matters.
WeTransfer, despite its popularity, does not always comply with company security policies. Transferring files without your employer's consent, especially if they contain personal data or confidential information, can expose your company to a breach of the GDPR (RODO). Using unauthorised services can result in a lack of control over and protection of transferred data, which can lead to serious legal and financial consequences.
What are the risks?
- Lack of control over data
Using WeTransfer without the employer's consent means that the company loses control over where and how data is transferred. WeTransfer does not provide full data encryption in the free version, which increases the risk of data interception or unauthorised access.
- Lack of logging of transfers
When a company does not have information about what files have been sent and to whom, it is impossible to monitor and audit data flows. This can be problematic in the event of a data security breach.
- Unknowingly violating GDPR regulations
Sending personal data via WeTransfer without consent may violate data protection rules, as the company is not sure whether the service complies with all requirements for processing personal data under the GDPR. This can lead to penalties from supervisory authorities.
Real-life example
In one company, the IT department received a request from a sales employee who had a problem accessing certain files. In order to resolve the issue quickly, he decided to upload documents with customer data using WeTransfer without consulting the IT department. The employee sent the link to download the files to his colleague, but accidentally mixed up the email addresses. The link went to someone outside the company, who was able to download files containing detailed customer contact information and information about their business preferences.
The company only became aware of the breach a few days later, when one of its customers reported that he had received disturbing emails from someone who had access to his data. The company was forced to report the breach to the supervisory authority, which not only damaged its reputation but also entailed costs for notifying customers and implementing additional security measures.
What can you do?
- Use authorised tools
Always use tools and services approved by your company for file transfer.
- Consult before transferring data
If you need to send files containing personal data, always consult your IT department or the person responsible for data protection in your company. Make sure that the chosen transfer method complies with the security policy.
- Secure files before uploading
Before uploading files, always check that they are properly secured (e.g. encrypted). If you need to use an external service, make sure that access to files is password protected.
- Remember your responsibility
No matter how convenient the service may seem, remember that data protection is the responsibility of both the employer and the employee. Any mistake in this regard can lead to serious consequences for the company.
Remember
Using unauthorised services to transfer files can expose your company to serious data protection risks. Always make sure you comply with the company's security and data protection policies to avoid unpleasant consequences for both yourself and the organisation.