General Data Protection Regulations (GDPR) impact more than just companies in the European Union (EU). Organizations across the globe that deliver products and services to EU citizens and companies need to understand the best ways to manage their GDPR compliance. Failure to comply can result in considerable consequences, from fines to legal expenses, to a negative reputation.
How GDPR compliance impacts email security
Most organizations operating adjacent to the EU know that GDPR requires them to protect personal data, significantly altering the paradigms of consent and privacy rights. When workers sit down to manage their emails during a typical workday, most aren't thinking about GDPR compliance. That's particularly true for individuals working outside the EU. Still, even if your company is in the United States, the plethora of personal data sitting on your email server may be subject to GDPR if the company delivers products and services to EU consumers.
Article 5(f) of the GDPR outlines a specific provision regarding email security. It states that "organizations must protect personal data against accidental loss, destruction or damage, using appropriate technical or organizational measures." Once you get past the legalese, it's pretty clear that organizations are responsible for taking all measures possible to ensure that the privacy information in their colleagues' email boxes remains secure.
Amazon privacy breach fine
Luxembourg National Commission for Data Protection (CNDP) issued the biggest fine to Amazon.com Inc. in its history for GDPR violations. The fine’s amount was $888 million (€746 million) and was issued after a complaint was filed by 10,000 people through a French privacy group in May 2018. After the CNDP opened an investigation into Amazon’s method for processing its customer’s personal data, they found that Amazon’s advertising targeting system was an infringement of their customers’ rights because they carried it out without receiving proper consent.
Five tips on staying compliant, relating to email
Here are five tips for managing company emails to remain GDPR compliant:
1: Understand your organization's readiness posture
GDPR requires that organizations step up and take responsibility for the confidential information on their networks. With email being the source of most breaches, evaluating organizational security posture for email security is the first step to maintaining GDPR compliance. Areas to assess include training for safe handling of private email data and policies and procedures about information security and privacy.
2: Pinpoint high-risk email exchanges
You can't protect what you can't see. Routinely inspect and audit email contents to ensure compliance requirements are adhered to and help your organization quickly identify high-risk areas.
3: Establish capability for rapid fulfilment of subject access requests
GDPR requires organizations to rapidly locate and compile information for individual subject data requests. Organizations must establish the procedural and technological capabilities to comply with these requests.
4: Leverage email encryption across the enterprise
Even well-meaning colleagues accidentally share information with unauthorized recipients. That can have severe ramifications under GDPR rules. Encryption helps ensure that only the intended recipients can access sensitive information.
5: Use Intelligent Email Security
A typical business can have individuals sending thousands of emails in a single day, amounting to thousands of opportunities every day for a costly GDPR breach. Intelligent email security solutions can prevent email breaches, automatically protect sensitive information, and help companies identify and investigate their highest risk areas. The best solutions can also aid companies in fulfilling mission-critical subject access requests for email data.
GDPR compliance with Egress
Traditional email security solutions fall short in ensuring GDPR compliance. Egress' Intelligent Email Security uses contextual machine learning to identify individual users' behavior as they share data via email to spot anomalies and stop security breaches before they happen. Analyzing email recipients, subject line, body, and attachments can ensure that confidential data is only shared with the correct recipients. Integration with Office 365 and Outlook and deployment on mobile devices allow our solution to prevent data breaches no matter how colleagues exchange information.
Egress ensures that all emails and large files shared via Office 365, Outlook, and mobile devices remain encrypted. The UK government certified the solution because it provides companies with complete control over shared data. Powerful email recall capability goes well beyond the out-of-the-box functionality of email platforms and can prevent recipient actions downstream like printing and copy/paste.