GDPR and E-mail security

The European General Data Protection Regulation (GDPR) has applied since 25 May 2018.

Every company or organization that processes the personal data of people in the EU, whether itself or through its third-party providers, must protect that data appropriately, set up internal procedures that make the protection effective, and be able to document its compliance at any time.

Meeting these requirements means securing the exchange of personal data with other organizations and with customers, and giving extra protection to any transmission that contains sensitive personal data, so that the organization can demonstrate it keeps control over who is able to access that data.

You can find documented information about the General Data Protection Regulation here:

https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en.

Privacy by design for E-mail

Companies must regularly assess how personal data is collected, used and shared, both inside and outside the organization.
Data protection should follow a risk-based approach, with 'privacy by design' in mind.

To follow the GDPR privacy-by-design principle, companies and organizations of all sizes should encrypt documents containing personal data before sending them over ordinary electronic messaging services.

E-mail is simple and useful, and every organization relies on it, but without encryption it is not a secure way to transmit sensitive or personal data.

Anyone with access to a mail server on the delivery path, or to the network links between servers when transport encryption is not in use, can read message contents. In addition, a simple typo in the recipient address can deliver personal data to someone who is not authorized to receive it, which potentially infringes the GDPR and the data subject's privacy rights.

Files containing personal data should not be sent in plain text over ordinary public e-mail: an unencrypted message is a postcard, readable at every relay server it passes through.

The standard recommendation is to use cryptography to ensure the confidentiality, integrity and authenticity of the information exchanged between the parties.

Public-key cryptography fits this need. Encrypting a message to the recipient's public key guarantees confidentiality, since only the holder of the matching private key can decrypt it. A digital signature made with the sender's private key provides integrity and sender authentication: the recipient can verify that the message comes from the claimed sender and was not altered after it was signed. Encryption alone does not prove who sent a message; the signature does.
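The following Go program is an example added to this article to show the combination just described on a constructed sample message; it is not Safester's code, and its envelope layout is this example's own rather than the S/MIME or OpenPGP wire format. A fresh AES-256-GCM key encrypts the body, RSA-OAEP wraps that key to the recipient's public key, and an Ed25519 signature by the sender covers the result. The key pairs, the Alice/Bob/Mallory names and the sample message are assumptions of the example. Open refuses to return any plaintext when the signature does not verify, when the message was encrypted to a different recipient (the mistyped-address case above), or when the ciphertext was altered in transit.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is one sealed e-mail body: the body is encrypted with a fresh
// AES-256-GCM content key, that key is wrapped with RSA-OAEP to the recipient,
// and the sender signs everything with Ed25519. Layout is an assumption of this example.
type Envelope struct {
	WrappedKey []byte // content key encrypted to the recipient's RSA public key
	Nonce      []byte // AES-GCM nonce, fresh for every message
	Ciphertext []byte // AES-GCM output: encrypted body followed by the auth tag
	Signature  []byte // Ed25519 signature over WrappedKey || Nonce || Ciphertext
}

// signedBytes is the byte string the sender signs and the recipient verifies.
func signedBytes(e *Envelope) []byte {
	b := append([]byte{}, e.WrappedKey...)
	b = append(b, e.Nonce...)
	return append(b, e.Ciphertext...)
}

func aeadFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts body so that only recipientPub's owner can read it, and signs
// the result with senderPriv so the recipient can check who sent it.
func Seal(body []byte, recipientPub *rsa.PublicKey, senderPriv ed25519.PrivateKey) (*Envelope, error) {
	contentKey := make([]byte, 32) // used for this one message only
	if _, err := rand.Read(contentKey); err != nil {
		return nil, err
	}
	gcm, err := aeadFor(contentKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, body, nil)}
	// Only the holder of the matching RSA private key can recover contentKey.
	env.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, contentKey, nil)
	if err != nil {
		return nil, err
	}
	env.Signature = ed25519.Sign(senderPriv, signedBytes(env))
	return env, nil
}

// Open verifies the signature first, then unwraps the content key and decrypts.
// Any failure yields an error and no plaintext, so a mis-addressed, forged or
// altered message is never shown to the reader as if it were genuine.
func Open(env *Envelope, recipientPriv *rsa.PrivateKey, senderPub ed25519.PublicKey) ([]byte, error) {
	if !ed25519.Verify(senderPub, signedBytes(env), env.Signature) {
		return nil, errors.New("signature check failed: not from the claimed sender, or altered in transit")
	}
	contentKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap content key: message was not encrypted to this recipient")
	}
	gcm, err := aeadFor(contentKey)
	if err != nil {
		return nil, err
	}
	body, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("decryption failed: ciphertext or tag was modified")
	}
	return body, nil
}

func main() {
	// Constructed sample message carrying personal data (not real data).
	body := []byte("Subject: Onboarding\r\n\r\nJane Doe, date of birth 1990-01-01, employee no. 4711")
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader) // sender's signing key pair
	bobKey, _ := rsa.GenerateKey(rand.Reader, 2048)            // intended recipient
	malloryKey, _ := rsa.GenerateKey(rand.Reader, 2048)        // mailbox reached by a mistyped address
	env, _ := Seal(body, &bobKey.PublicKey, alicePriv)
	pt, err := Open(env, bobKey, alicePub)
	fmt.Printf("Bob:      %d bytes, err=%v\n", len(pt), err)
	pt, err = Open(env, malloryKey, alicePub)
	fmt.Printf("Mallory:  %d bytes, err=%v\n", len(pt), err)
	env.Ciphertext[0] ^= 1 // a relay corrupts one bit: the signature check catches it
	pt, err = Open(env, bobKey, alicePub)
	fmt.Printf("Tampered: %d bytes, err=%v\n", len(pt), err)
}
```

The hard part in practice is not the arithmetic but key management: the recipient's public key has to be obtained and verified in a trustworthy way before sending, and the recipient must already know the sender's public key for the signature check to mean anything. That is what S/MIME certificates and OpenPGP key distribution exist for, and a GDPR-facing deployment should use one of those standards rather than a home-grown format like the one above.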

At Safester, we understand how complex it can be to deploy e-mail encryption that protects exchanges of personal data inside and outside an organization, especially for small and medium-sized ones. That is why we developed an easy-to-use, easy-to-deploy solution that makes E-mail encryption simpler to adopt.

Please feel free to try Safester on your mobile or desktop, and let us know if you have any suggestions.

The Safester Team