GDPR Compliance and Email Security

A short guide to ensuring that your business email infrastructure is secure and does not breach GDPR.

Emails are almost always personal data, in that they tend to contain data by which a living individual is identifiable. Furthermore, aside from the email messages themselves, personal data is often sent in attachments to email. As such, the medium is subject to the GDPR and is one that represents a very high risk of GDPR breaches.

If a cloud-based email provider is used, then the transfer of any EU personal data to that provider needs to be compliant with the GDPR. If the cloud servers to which data will be transferred through the email provider are located outside the EU, then the transmission of any personal data of people in the EU to that provider cannot take place unless the transfer complies with the stringent requirements of the GDPR for transfers of data outside the EU.

The first step is to carry out a comprehensive audit of the email provider and its contractual arrangements and terms of service, to ensure that any EU data transferred to it will be handled in compliance with the GDPR.

Then you need to look at your own internal measures to ensure that any personal data of people in the EU that you handle via email is handled in a GDPR-compliant way.

One of the first things you should look at is security. One of the central tenets of the GDPR is that data must be kept secure, and by its nature email is a major source of data breaches for GDPR purposes. Unencrypted email can be intercepted and is not secure. Furthermore, the prospect of misdirection is very real with email: the wrong data can easily be sent to the wrong person, or to many such persons, inadvertently.

Bear in mind that the GDPR requires mandatory notification of a data breach (which would include any breach arising as a result of email) to the supervisory authority within 72 hours of becoming aware of the breach.

Schedule a Call With Us Today

If you process data on EU or UK data subjects and appreciate that compliance with the GDPR is essential for risk management, data security and customer confidence in your international business, and you feel that you are a good fit for our EU representative services, please click the button below to schedule a free call with us today. Assigning an EU or UK representative for your business is a straightforward process and we’ll be happy to talk you through it.

During the call we’ll answer any questions you may have and we’ll go through our service in full detail so that you have a complete understanding of our solution and how it can benefit your business. We look forward to speaking with you.