Fast, but is it secure? Using WeTransfer and protecting company data

In our day-to-day work, we often need to send large files. Services such as WeTransfer may seem like a quick and convenient solution, but using them without your employer's knowledge and consent can lead to serious breaches of data protection laws. Do you know the risks of transferring files via WeTransfer? What consequences could your company face?In our day-to-day work, we often need to send large files. Services such as WeTransfer may seem like a quick and convenient solution, but using them without your employer's knowledge and consent can lead to serious breaches of data protection laws. Do you know the risks of transferring files via WeTransfer? What consequences could your company face?

Why it matters.

WeTransfer, despite its popularity, does not always comply with company security policies. Transferring files without your employer's consent, especially if they contain personal data or confidential information, can expose your company to a breach of the RODO regulations. Using unauthorised services can result in a lack of control over and protection of transferred data, which can lead to serious legal and financial consequences.

What are the risks?

  1. Lack of control over data
    Using WeTransfer without the employer's consent means that the company loses control over where and how data is transferred. WeTransfer does not provide full data encryption in the free version, which increases the risk of data interception or unauthorised access.
  2. Lack of logging of transfers
    When a company does not have information about what files have been sent and to whom, it is impossible to monitor and audit data flows. This can be problematic in the event of a data security breach.
  3. Unknowingly violating RODO regulations
    Sending personal data via WeTransfer without consent may violate data protection rules, as the company is not sure whether the service complies with all requirements for processing personal data under RODO. This can lead to penalties by supervisory authorities.

Real-life example

In one company, the IT department received a request from a sales employee who had a problem accessing certain files. In order to resolve the issue quickly, he decided to upload documents with customer data using WeTransfer without consulting the IT department. The employee sent the link to download the files to his colleague, but accidentally mixed up the email addresses. The link went to someone outside the company, who was able to download files containing detailed customer contact information and information about their business preferences.

The company only became aware of the breach a few days later, when one of its customers reported that he had received disturbing emails from someone who had access to his data. The situation forced the reporting of the breach to the supervisory authority, which not only damaged the company's reputation, but also entailed the costs associated with notifying customers and implementing additional security measures.

What can you do?

  1. Use authorised tools
    Always use tools and services approved by your company for file transfer.
  2. Consult data transfer
    If you need to send files containing personal data, always consult your IT department or the person responsible for data protection in your company. Make sure that the chosen transfer method complies with the security policy.
  3. Secure files before uploading
    Before uploading files, always check that they are properly secured (e.g. encrypted). If you need to use an external service, make sure that access to files is password protected.
  4. Remember responsibility
    No matter how convenient the service may seem, remember that data protection is the responsibility of both the employer and the employee. Any mistake in this regard can lead to serious consequences for the company.

Remember

Using unauthorised services to transfer files can expose your company to serious data protection risks. Always make sure you comply with the company's security and data protection policies to avoid unpleasant consequences for both yourself and the organisation.

Czytaj także:

Najczęstsze błędy przy zawieraniu umów powierzenia
Administratorem Twoich danych jest ODO 24 sp. z o.o. z siedzibą w Warszawie (03-812) przy ul. Kamionkowskiej 45. Twoje dane są przetwarzane w celu świadczenia usługi biuletyn informacyjny na zasadach określonych w Regulaminie ŚUDE. Więcej informacji na temat procesu przetwarzania danych osobowych oraz przysługujących Ci praw uzyskasz w Polityce prywatności.
Potwierdź swój adres e-mail
Wejdź na swoją skrzynkę pocztową, otwórz wiadomość od ODO 24 i potwierdź adres e-mail, klikając w link.
Jeżeli nie znajdziesz naszej wiadomości - sprawdź w folderze SPAM. Aby w przyszłości to się nie powtórzyło oznacz wiadomość jako pożądaną (klikniknij prawym przyciskiem myszy i wybierz "Oznacz jako wiadomość pożądaną").
Odbierz bezpłatny pakiet 4 poradników
i 4 szkoleń e-learningowych RODO
4x4 - Odbierz bezpłatny pakiet 4 poradników i 4 szkoleń RODO
Administratorem Twoich danych jest ODO 24 sp. z o.o. z siedzibą w Warszawie (03-812) przy ul. Kamionkowskiej 45. Twoje dane są przetwarzane w celu świadczenia usługi biuletyn informacyjny na zasadach określonych w Regulaminie ŚUDE. Więcej informacji na temat procesu przetwarzania danych osobowych oraz przysługujących Ci praw uzyskasz w Polityce prywatności.
Administratorem Twoich danych jest ODO 24 sp. z o. o. >>>