GDPR and email: here’s what you need to know


22 February 2021

The GDPR is the law that has been protecting the privacy of EU citizens since May 2018. All organisations (especially within Europe) must comply with the GDPR. Companies and organisations are obliged under the GDPR to ensure that the information they have about their customers cannot leak or fall into the wrong hands. If they cannot guarantee this, they will be held accountable by the Dutch Data Protection Authority (AP).

Much attention has already been paid to the prevention of data leaks and computer hacks. What is often not properly arranged are the emails that organisations send. SecuMailer helps organisations with GDPR and email, so that they can email securely.

GDPR email, secure email

It is precisely when you email consumers and citizens that the GDPR applies. This means that email should not contain any personal information. Do you still want to send personal information by email? Then you must use secure email: GDPR email.

What does the GDPR say about emailing?

The Dutch Data Protection Authority states very explicitly on its website that unsecured email is no longer permitted for sending personal data. The new privacy legislation states that the processing of personal data must be protected with appropriate measures (such as encryption). The sender is responsible and must take measures to prevent unauthorized access to the information.

The Dutch Data Protection Authority provides examples of “appropriate measures” for GDPR and email. SecuMailer fully complies with this appropriate measure:

Encrypting email traffic between mail servers using one or more modern internet standards. Examples of modern internet standards are STARTTLS, SPF, DKIM, PGP and S/MIME.

The law does not specifically address the technical requirements for the secure use of email.

How does SecuMailer take care of GDPR email?

We make email GDPR-proof, and therefore secure, by using encrypted mail server settings. About 96-98% of the email servers in the Netherlands are set up to use encryption (TLS) to send and receive email. However, this cannot be determined in advance from an email address alone. So, in order to know which email can be sent securely, SecuMailer first makes contact for each email address to determine the encryption. Only then do we send the email. We also have automated solutions for the last 5% of emails that cannot be sent securely. For this, the recipient has to put in some extra effort to retrieve the message, but that is also very user-friendly.
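One way to implement the per-recipient check described above, as an added example that is not SecuMailer's code. It assumes the recipient's MX host has already been resolved, that delivery is on port 25, and a policy of TLS 1.2 or newer with certificate verification; the function names and the route labels `smtp-tls` and `fallback` are hypothetical.

```python
import smtplib
import ssl
from typing import Optional

# Constructed EHLO replies for illustration (not captured from real servers).
EHLO_WITH_TLS = "mx.example.nl\nSIZE 35882577\nSTARTTLS\n8BITMIME"
EHLO_NO_TLS = "legacy.example.nl\nSIZE 10240000\n8BITMIME"

ACCEPTED_TLS = ("TLSv1.2", "TLSv1.3")  # assumed policy, not taken from the page


def advertises_starttls(ehlo_reply: str) -> bool:
    """True if the EHLO reply lists the STARTTLS extension (RFC 3207)."""
    # The first line is the server's greeting name; extensions follow it.
    lines = [ln for ln in ehlo_reply.splitlines()[1:] if ln.strip()]
    return any(ln.split()[0].upper() == "STARTTLS" for ln in lines)


def choose_route(ehlo_reply: str, tls_version: Optional[str]) -> str:
    """Direct SMTP only when TLS was offered and negotiated at an accepted version."""
    if advertises_starttls(ehlo_reply) and tls_version in ACCEPTED_TLS:
        return "smtp-tls"
    return "fallback"  # never downgrade to plaintext delivery


def probe(mx_host: str, timeout: float = 10.0) -> str:
    """Contact mx_host before sending and return the delivery route to use."""
    ctx = ssl.create_default_context()  # verifies certificate chain and host name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    try:
        with smtplib.SMTP(mx_host, 25, timeout=timeout) as smtp:
            smtp.ehlo()
            reply = (smtp.ehlo_resp or b"").decode("ascii", "replace")
            if not advertises_starttls(reply):
                return "fallback"
            smtp.starttls(context=ctx)  # raises on a failed or unverified handshake
            return choose_route(reply, smtp.sock.version())
    except (ssl.SSLError, smtplib.SMTPException, OSError):
        return "fallback"
```

Because an attacker on the network path can strip the STARTTLS line from the EHLO reply, a missing or failed TLS offer is treated here as a reason to use the fallback channel, never as permission to send in cleartext.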

SecuMailer could also be the solution for your organisation to be able to email customers GDPR proof.

Would you like to:

  • Send an email securely without a portal or passwords?
  • Be GDPR compliant?
  • Email securely via all common email applications and devices?

Send and receive with the greatest of ease

Get in touch with us and experience the difference SecuMailer can make for you and your recipients.