GDPR Compliance for Secure File Transfers

We Help You Protect EU Citizens’ and Residents’ Personal Data

gdpr compliant secure file transfer encryption

By encrypting all files in transit and at rest, Thru keeps your users’ personal information protected. In addition, the risk that unauthorized employees can access this data is reduced.

gdpr compliant secure file transfer consent

Administrators can require user agreements before sending or receiving files to help you remain GDPR compliant.

gdpr complaint secure file transfer right to be forgotten
Right to be Forgotten

Users can request removal of personal information in Thru.


What is GDPR?

General Data Protection Regulation (GDPR) was created to better protect the personal data of EU citizens and residents. It was approved by the EU Parliament on April 14, 2016 and went into effect on May 25, 2018.

Who has to comply with GDPR?

GDPR applies to any company or entity that either:

  • Processes personal data at one of its branches in the EU, or
  • Is established outside the EU but offers goods or services or monitors the behavior of individuals in the EU.

For more information about whether GDPR applies to your company, refer to official website of the European Union »

What is the difference between a data controller and a data processor?

A data controller is “a legal or natural person” (a person, an agency, a public authority, etc.) who decides what personal data will be used for and how to process it. A data processor is “a legal or natural person” who processes personal data for a data controller.

For example, if a retailer signs a contract with a payroll company to pay its employees, the retailer will provide information about the employees’ salaries, pay frequency and bank accounts. The payroll company stores that data and uses it to fulfill the contract. The retailer is the data controller and the payroll company is the data processor.

See the official definitions on »

What do I need to do to be GDPR compliant?

To ensure full GDPR compliance, it is best to consult legal counsel. Here are a few general tips:

  • Sending personal data over regular email is not GDPR compliant
  • Using FTP to send personal data is not GDPR compliant
  • Breaches must be reported within 72 hours to the data protection authorities
  • Have a GDPR plan by reviewing your data transfer methods
  • Appoint a Data Protection Officer
  • Demonstrate that measures have been taken to secure data

Thru GDPR Compliance Policy »

Secure File Transfer Overview

There is more to security than compliance. Learn about other measures Thru takes to ensure security.


Have questions about security and compliance for file transfers?

Get answers, not a sales pitch. Since 2002, we have addressed and solved secure file transfer challenges.


Scroll to Top