Royal Dutch Automobile Association uses secure email for its contact center

Meint Post

22 May 2024

The Royal Dutch Automobile Association (ANWB) operates the largest emergency contact center in the Netherlands. Wherever its members encounter problems, be they vehicle-related or involving personal health, the ANWB stands ready to help. The ANWB delivers worldwide support via its contact center. SecuMailer delivers its secure email solution to ANWB’s contact center, also on a global scale, fully compliant with GDPR and eIDAS regulations and with 100% uptime.

Customer: Royal Dutch Automobile Association

In a few sentences, please tell us why this initiative is important for data security and three big takeaways that you’d like the reader and audience to know.

This initiative is important because it demonstrates that security and privacy can be maintained in emergency contact situations where response time is of the essence.

3 big takeaways:

  • Secure Email can be made fully compliant with the GDPR and eIDAS
  • Secure Email can be used for personal (health) information if supported by a well-thought-out standard (eIDAS standard for protecting personal health information via secure email)
  • Data minimization leads to better data security and privacy guarantees

Briefly describe any barriers to developing this data security and privacy initiative.

  • Secure email with personal health information needs to be protected by using 2FA for sender and recipient.
  • Personal data of EU citizens cannot be processed in the USA without extra security measures, due to Schrems II.
  • Due to GDPR it is advised to avoid extra copies of emails in portals or cloud (to comply with the data minimization principle).
  • Personal health information should be private and only available for the ANWB customer and the medical specialists.

What is the impact of the initiative on data subject privacy and the proportion of data subjects affected?

The initiative had an impact on ANWB’s contact center staff and its customers. The privacy of all data subjects is fully protected during the communication of personal health information. No data leaks have been reported.

Provide 2-4 specific examples and metrics demonstrating how this data security program or initiative has enhanced the organization and its bottom line.

0 data leaks reported (no results delivered to wrong recipient)

Communicated securely with 50+ countries worldwide.

No impact on the ANWB contact center's way of working; nobody uses shortcuts to circumvent SecuMailer.

In a few sentences, please explain what data security and privacy risks are reduced by this initiative.

By securing the automated emails, the following data security and privacy risks are reduced:

  • No emails are sent to the wrong recipient
  • No personal health information is revealed by email to persons who are not entitled to this information
  • No emails were processed on systems located in the USA, so there is no dependency on the Privacy Shield.
  • No emails were sent to insecure mail servers
  • This all leads to the conclusion: the customer has not suffered any data leaks due to SecuMailer, and therefore all GDPR fines are avoided

By using secure email technology instead of web-based portals to inform recipients of their personal health information:

  • No extra copies of the emails are created
  • No data concentration is created

Provide specific examples of how the data security and privacy initiative has been integrated into the organization.

ANWB IT did a full procurement intake with a vendor management risk assessment. Together with ANWB IT we implemented the SecuMailer solution by integrating it with their corporate email system.

Better with Amazon Web Services

SecuMailer uses AWS Lambda serverless computing to perform its SaaS services. Thanks to the elastic scaling capabilities of AWS Lambda, the SecuMailer SaaS platform is able to scale from single-digit email loads to millions of emails per hour. This is very helpful in the case of ANWB because it is dealing with a lot of seasonal differences in traffic. Peak periods are during the summer, when Dutch clients go on vacation and experience car problems or medical emergencies. In the winter it is dealing with rain, sleet and snow, which impact car performance or can lead to collisions due to road conditions. Without AWS Lambda, SecuMailer would need to maintain excess capacity at extra cost for a limited number of peak moments per month.

Besides the scaling capabilities of AWS Lambda, there are also the data security aspects. Because AWS Lambda avoids the usage of permanent physical servers, there are no digital traces left when processing emails. With every email several Lambda functions are executed, none of which leave any digital traces behind. Lastly, AWS Lambda works very well with encryption, be it via encrypted environment variables or via AWS Security Manager, which ensures that all data, whilst being processed, remains fully confidential.

Implementation:

Onboarding with SecuMailer is done by the following steps:

  • Buy your solution on the AWS Marketplace
  • Follow your implementation instructions (30 minutes to 2 hours of work)
  • Get a personal workshop to integrate all data security and privacy measures into your organization's policy as well
  • Start sending out all your emails securely and fully compliant with GDPR and eIDAS

Background information SecuMailer

SecuMailer is a private company. We provide our customers with a SaaS solution to send confidential information by secure email.

SecuMailer was started in 2017 by Yvonne Hoogendoorn CIPP/e and Meint Post CISSP / ISSAP.

SecuMailer is fully compliant with the GDPR, is certified for eIDAS, ISO 27001:2022 and NTA 7516, and has the ECSO-label (European Cyber Security Organization).

SecuMailer is available on the AWS Marketplace.

SecuMailer is one of the founders of the Dutch regulation NTA 7516 for secure email with personal medical information. This regulation combines elements of the GDPR, eIDAS and the Dutch medical laws.
