You have enough to worry about when it comes to GDPR and personal data protection, don’t let your data sharing and collaboration provider be one of those worries.
HighSide lets you communicate internally and with external third parties through group and individual chat, voice, video & screen sharing - while also enabling you to save, share, and use sensitive & GDPR regulated data, files, folders, documents and more through one, secure platform. Leveraging HighSide’s revolutionary distributed encryption protocol and secure SaaS cloud, completely E2E encrypted data comes standard... as does GDPR compliance.
Talk to a SpecialistGDPR governs the processing, storage and use of personal data for citizens of the European Union (and the UK) with sharp penalties for non-compliance and governs just about all use of customer data. Most processors leave you guessing if their data handling is GDPR compliant, but with HighSide, our decentralized cryptography ensures your data is always secure.
“The controller shall, in order to ascertain whether processing for another purpose is compatible with the purpose for which the personal data are initially collected, take into account, inter alia: appropriate safeguards, which may include encryption or pseudonymisation.”
Because HighSide is E2E encrypted, your data is never available to HighSide or any other third party. Organizations that are using HighSide’s platform don’t have to worry about how GDPR protected data is used, stored or shared by HighSide, eliminating a big stress for compliance teams. HighSide gives organizations the ability to collaborate, where appropriate, with comfort knowing any activity involving personal data is within compliance.
“The controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures.”
HighSide eliminates the need for compliance and security teams to determine technical requirements for the processing of data for storage or sharing. The E2E encrypted nature of the HighSide platform lets authorized users access personal data to complete their job without worrying about the security or safety of that information. Additionally, HighSide provides a full compliance suite that records immutable event logs ensuring a complete picture of who, what, when, and where data was accessed.
The centrally managed HighSide platform gives admins full control over data access, even as granular as setting acceptable physical locations for data usage. For example, many HighSide customers lock employees from accessing personal data unless they are in an approved location such as their home office or the corporate office. This simple (and patented) capability ensures you not only know what device and what user accessed personal data, but that you know where it was accessed from. Eliminate the risk of poor security hygiene (like viewing personal data on a train, in a coffee shop or at a pub) with HighSide’s built-in access control systems.
“The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: the pseudonymisation and encryption of personal data”
HighSide’s E2E encrypted service delivers out-of-the-box compliance with Article 32 of the GDPR. Unlike other collaboration platforms and file sharing services, customers don’t need to pay more for a secure version of the service nor do they need to think about how to match risk level with security controls. HighSide ensures that all data is encrypted, all the time - in fact, HighSide isn’t technically the processor of the data since data is never decrypted nor can it be.
“The communication to the data subject referred to in paragraph 1 shall not be required if any of the following conditions are met: the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;”
GDPR provides strict guidance on how personal data affected in a data breach or leak must be communicated, and how notifications to those individuals must be handled. Without exception, notifying customers of a data breach drives a drop in trust and has a direct impact on revenues, public market valuation, and brand loyalty (impacting future revenues). When personal data is stored in the HighSide cloud, there is a zero percent chance of a data breach (due to the E2E encrypted nature of the platform). With HighSide, organizations avoid one of the biggest impacts to their operations, data breach, and the notification requirements that come with it.
HighSide gives your GDPR regulated teams a familiar user experience, with chat, messaging and voice / video / screen share that feels just like less secure but widely used collaboration and consumer messaging apps. Users can easily message any member of the team (provided their security groups allow for this), share pictures or files to individuals & groups or conduct real-time voice & video calls. All activities on the app, whether it’s sharing an emoji or the latest GDPR regulated data is encrypted on-app with cryptographically unique encryption.
In addition to chat and communication capabilities, HighSide also offers an integrated secure file storage and sharing feature (SecureDrive) that can be used to house operational documentation, maps, plans, photos and more. Share “drives” securely with various members of the team and quickly disseminate important information on a “need to know” basis with configurable security groups.
- E2E encrypted cloud repository ensures your data is always secure - and with a distributed root trust model, no EKM or PKI reliance.
- Selectively enable local editing or synchronization for files and data types that need to be edited.
- Enable third party data collaboration with granular RBAC and user access controls - provide temporary authorization for specific projects to facilitate productivity.
- Built-in support for Microsoft RMS, Azure Information Protection (AIP), and leading endpoint DLP systems.
- Data Residency, Guest Users & Custom Retention Management.
Unlike other popular messaging apps and collaboration platforms, the admin team can control who is allowed into the environment, and has complete authority to revoke encryption keys, suspend access, define acceptable geographical boundaries for usage, manage device authorizations and more. Lastly, all event and message data can be archived for compliance and e-discovery requirements - but also, message and data retention periods are flexible down to minutes or up to centuries and can be easily set to meet with the mission requirements.
Keys are never exposed via SMS or shared across unsecure communications channels. HighSide’s distributed private root of trust model ensures no one can intercept or spoof a user's keys, eliminating “eavesdropping” risks. Designed on a bit-torrent style data transfer framework, HighSide supports extremely poor connectivity environments and ensures all messages, pictures, files, and communications are securely and reliably delivered.