On May 25, 2018, the European Union (EU) will introduce its General Data Protection Regulation (GDPR). The GDPR is a set of regulations meant to protect the personal data of EU residents, and it enforces data privacy rules on how organizations collect, store and use that information, including information exchanged over email. Failure to comply with the EU GDPR carries heavy penalties, including fines of up to €20 million or 4 percent of global turnover. According to the Infowatch global data leakage report, email is the second largest channel for data leaks.
Some key elements of the regulation include:
- GDPR applies to all organizations that process the personal data of subjects residing in the EU, regardless of the organization’s location.
- Breach notification will become mandatory and must be done within 72 hours of first becoming aware of the breach.
- EU residents have the right to obtain confirmation as to whether or not personal data concerning them is being processed, where and for what purpose.
- The right to be forgotten entitles residents to have the organization erase their personal data and cease further dissemination of it.
- Privacy by design calls for data protection to be built into systems from the outset of their design, rather than added afterwards.
Here are some implications of GDPR for an organization's email and email security:
- Personal data is classified as any information that includes personal email addresses, phone numbers and similar details that are commonly used for marketing.
- Organizations in regulated industries such as retail, finance and healthcare have to deal with added layers of complexity to comply with competing regulations.
- To implement appropriate technical measures that satisfy "privacy by design," organizations must add email encryption and compliance capabilities to their email security infrastructure.
To comply with GDPR, key capabilities to consider while evaluating your email security include:
- A comprehensive, multi-layered approach that provides strong inbound and outbound protection.
- Sandboxing and quarantining of any unknown email attachments to prevent breaches.
- Strong encryption and DLP for compliance and regulatory requirements.
Download our tech brief to learn more about SonicWall Email Security’s compliance and encryption service, and how it can help you comply with the EU GDPR.