Which role does email encryption play in the EU GDPR?
Legal requirements | 28. AUG 2019
The European General Data Protection Regulation (EU GDPR) demands the encryption of emails. Personal data transmitted digitally may only be processed in conformity with the principles relating to the processing of data set out in Chapter 2, Article 5 of the EU GDPR. It must be taken into account that the protection of personal data must justify the effort and expense involved.
Since email encryption is an automated and very efficient process when using a solution such as Z1 SecureMail Gateway, constructing a case in which the protection of personal data is outweighed by effort is extremely difficult. Data protection authorities and courts are also aware of this.
If you have no email encryption solution at your disposal, you need to rely on paper mail. If you send personal data by email, it must be encrypted.
Here are a few examples of what companies are not legally allowed to distribute by email unless they use an encryption solution:
- attendance lists for events,
- application data,
- patient data,
- legal documents,
- payrolls for employees or accounting,
- order confirmations with sensitive data, such as by online pharmacies or sanitary suppliers.
This is only a small excerpt of situations in which encryption is necessary.
Data protection is easy to establish with Z1 SecureMail Gateway. Even when only a low level of protection is needed, the effort and expense are quite reasonable.
The EU GDPR is not something one can wait out. Read our article "EU GDPR results: first million euro fines and more audits announced" for more, and place your request today.