Paubox and GDPR compliance


GDPR email encryption compliance

Recently, we’ve been asked by a few people if Paubox is compliant with GDPR, so we put together this post to clarify a few points.

If you’ve been following the headlines, then you may have heard about something called GDPR – possibly the biggest change to European data privacy and security in years.

On May 25, 2018, the European Union (EU) General Data Protection Regulation (GDPR) will take effect, and any company that processes the personal data of an individual residing in the EU when the data is accessed must comply with GDPR.

So what does that mean for US-based companies, data security, and email encryption?

GDPR impact on US-based businesses

As a US-based company, if you pursue business in the EU, or actively engage in tracking and collecting information about EU residents online, then GDPR applies to you.

If your US-based business processes personal data of EU residents (even if no financial transaction has taken place), then GDPR likely will apply to your company. This applies even if you have no physical presence in the EU.

Is email encryption required to be compliant with GDPR?

If your organization does need to comply with GDPR, then it is time to take another look at your email security to make sure it’s up to date.

Personal data under GDPR includes email addresses and phone numbers – things very commonly used for marketing and client communications. The biggest thing for organizations will be getting clear and explicit consent from individuals to obtain and use their email.

Once a company has that data, they need to have established security measures in place to protect that data.

GDPR does NOT require the use of email encryption; in fact, the word “encryption” appears only four times in the regulation.

But it does state that organizations should implement appropriate technical measures to ensure a level of security appropriate to the risk.

This can be interpreted to mean that email encryption should be implemented where possible when sending any personal data as defined by GDPR.

For example, while a customer may consent to be sent email marketing newsletters, their data housed on servers should still be kept secure. If for some reason data needs to be exported and emailed to a consultant or even internally, then it’s appropriate that the email be encrypted and protected in transit.

Bottom line

While GDPR doesn’t explicitly state email encryption is mandatory – it’s important to assess how your organization is using personal data and implement the appropriate security measures.

Paubox can help keep emails secure and encrypted in transit without the hassle of portals, keeping the personal data you’re sending safe and secure.


About the author

Rick Kuwahara

Rick Kuwahara is COO and Chief Compliancy Officer for Paubox.
