Does GDPR affect my email security?

What is the GDPR?

The General Data Protection Regulation is a new law in the European Union that comes into full effect in May 2018. Any organisation that holds data about any resident of the EU is expected to comply. The European Commission defines personal data as “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address”. Clearly, this new regulation has broad implications for most businesses.

What’s the aim of the GDPR?

It aims to protect the rights of individuals in respect of their data. It should help EU citizens control their own personal data by strengthening the rules around how data is collected and stored on different servers by both public and private organisations.

How does this affect email security systems?

In order to comply with the GDPR, organisations need to:

  • Comply with ‘right to be forgotten’ requests – this means the system must erase a user’s personal data and cease any further dissemination of that data if the user so requests.
  • Put in place appropriate technical measures to ensure ‘privacy by design’ – email encryption and compliance capabilities should be part of an organisation’s email security infrastructure.
  • Be able to swiftly discover a security breach involving personal data and notify the appropriate authorities within 72 hours of identifying it – unsecured email accounts expose organisations to a variety of risks, including phishing, ransomware and viruses, as well as reputational damage should a hack be disclosed. Under the GDPR, disclosing hacks and security breaches is mandatory.
  • Be able to tell organisations whether or not personal data concerning them is being processed and, if so, where and for what purpose.

If a business does not comply with the rules and regulations of the GDPR, it could be fined up to €10 million or 2% of its annual turnover.

To find out more about email security and how MailCleaner could protect your business and help you to comply with the GDPR, get in touch!