What you should consider with email and GDPR Compliance
The countdown to GDPR compliance is nearing its end; we’re only a short six months away from May 2018. At first glance, you’d be forgiven for getting lost in the minefield that is the General Data Protection Regulation, especially when dealing with email. We’re here to help.
As part of GDPR, any personal data held by an organisation must come with sufficient consent in order for it to be both processed and stored. Organisations must also respond adequately and quickly to any ‘right to be forgotten’ requests.
For many cyber criminals, email is an easy point of entry; it is often a vulnerable spot in an organisation’s security strategy. Personal data is readily included (or attached) in many of the 205 billion emails sent every day around the world. If this data is intercepted, you risk a data breach and a potentially serious fine from the relevant authority, such as the UK’s Information Commissioner’s Office (ICO).
Compliance with GDPR can also be compromised without any involvement from hackers. Have you ever accidentally sent an email to the wrong contact? Did it contain any personal or sensitive information?
The ICO imposed a fine of £120,000 on a local authority as a result of three data breaches, all involving emails. One of these breaches saw a member of staff sharing the personal data of 241 people simply by entering the wrong address. An easy mistake to make but with serious repercussions for your GDPR compliance.
Email archiving also poses problems in relation to an individual’s ‘right to erasure’, where companies have an obligation to remove all of that individual’s personal data if there is no compelling reason for its storage or future processing.
Of course, there are many encrypted solutions. However, they can be complicated to set up, and if sender and recipient don’t have compatible systems, problems may still arise.
GDPR doesn’t have to be the stuff of nightmares
This may all seem incredibly daunting and scary. But it really doesn’t have to be. There are simple ways to communicate sensitive and personal information without risking your compliance and obligations.
View My Doc, part of Datagraphic’s Aceni suite of SaaS applications, hosts documents in a secure, online environment as an alternative to emailing document attachments. You define how long a document is visible and can authorise its withdrawal at any time, making GDPR compliance and ‘Right to be Forgotten’ requests simple.
Find out today how View My Doc can help you communicate personal information securely.