Does anyone of you know tools or services that can help to securely exchange (personal or sensitive) data between two parties?
After some requirements analysis, the tool or service should (among others) be able to respond to the following high-level requirements (read: guarantee a secure data life-cycle management compliant to for example GDPR):
Identification & authentication (if possible via a federated SSO corp. login and for external/non-corp users; a 2FA based authentication). A metadata audit trail is kept of those logins.
When keying a new transfer, first enter metadata like: justification for (personal or sensitive) data exchange + description of the (personal or sensitive) data (to be stored as an audit trail).
Enter the sensitive data (text field) or attach files.
Set the time to live (a TTL like: 1 ... n views, 1 ... n hours, …).
Choose recipients or recipient channels.
All the keyed data is stored securely by the tool or service (encrypted, limited access, ...).
A unique ("token") link is sent (copy/paste) by the tool to the identified recipients (link in email, update of a Jira ticket, ... ).
Through this link and (web)GUI, the recipients can look at or download the data, or "reply" with a new set of data in this "data exchange session".
After the TTL is reached, the data is securely erased/destroyed, audit trail (metadata) is kept. ...
