In a post-GDPR world, people are still sending data by email…

One of the problems with GDPR is that it doesn’t state exactly what people should do when it comes to securing personal data. It says businesses should use appropriate organisational and technical measures to protect data, which is pretty vague and open to interpretation.

With this in mind, when transferring data, should you be using email?

Some would argue that email is appropriate as long as data files are password protected. Others argue that email is not at all secure and shouldn’t be used at all.

The Information Commissioner’s Office (ICO) has given some guidance and things to consider when using email. Indeed, it provides two examples of data breaches where the use of email resulted in hefty fines.

So even if data is encrypted or password protected when sent by email, it can create other issues in terms of complying with GDPR.

  • File replication occurs when using CC to copy in contacts on a send. This can result in multiple copies of the data file being stored in different inboxes. When it comes to dealing with Subject Access Requests (SARs) and the right to erasure, you have to know where data resides. Storing data in multiple inboxes makes this more difficult.
  • When sending data via email, the data will have to be encrypted, which is often a manual process. Furthermore, the password should be communicated via a different channel, such as by telephone. Do not under any circumstances include the password in the body of the email if encrypted data is attached. There is a significant hassle factor in encrypting data, so this should be a consideration.
  • When transferring data via email, there is no confirmation that the data has been received unless the recipient informs you. When transferring data, it is useful to know that the data has been received safely. Also, there is no central view of who is sending data where, or where data is coming from. Good data governance would include an audit trail of who sent what, where and when.

So when considering the above, email may not be the best transfer mechanism. Our dataXchange software eliminates all of the above issues. Why not book a demo now?
