Transferring personal data by USB device
USB devices offer a convenient way to transfer data between two computers. However, their small physical size and large data capacity means that large volumes of personal data can be lost or stolen with relative ease.
Furthermore, if personal data is not securely wiped from USB devices prior to reuse there is a possibility that data considered deleted by the data controller could be recovered by a third-party.
Personal data can be encrypted by placing the files within an encrypted container on a USB device but requires the recipient to have access to the same encryption algorithm or software.
Hardware encrypted USB devices are also available which contain the necessary encryption capability embedded within the device, meaning that the data can be decrypted without the need for the user to install additional software. Due to a number of security risks present in permitting the use of USB devices, a number of organisations have implemented policies which forbid or technically limit the functionality of USB devices.
The sender would also need to consider a method to transfer the key or password to the recipient over a separate communication channel.
Contact Us
Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
GDPR Local team.
Recent blogs
Navigating the Contradictions: Automated Decision-Making and Regulatory Legislation in AI Systems
The Dilemma of Automated Decision-Making At the heart of AI systems lies the promise of aut
How to Implement the New AI Law in Your Company
The implementation of the AI Act marks a significant stride towards responsible and fair use of art
Article 14 Guide: Meeting Regulatory Requirements for Personal Data Not Directly Obtained from Data Subjects
Imagine a software-as-a-service (SaaS) company looking to grow its clientele by purchasing leads fr