The Danish DPA announced, from the 1st January 2019, companies will have to encrypt all emails that are transferring sensitive personal data, or face sanctions. This new rule is an interpretation of Article 9 (sensitive personal data) of the GDPR legislation. This will give companies in Denmark or those companies doing business with Danish companies, five months to implement encryption technologies for their email systems.
The GDPR requires data controllers and processors to carry out assessments to examine the safety of personal information held on data subjects. Email encryption must be the default process if an email is holding personal or sensitive data. The Danish DPA states because of the increase in occurrences of emails being sent to the wrong recipients, encryption is the “most appropriate precautionary measure”. It is believed the legislation will apply to a big quantity of mails sent by private sector companies. [Read full article here.]
The Ireland DPC and the UK ICO’s annual reports both show similar trends with regards to the most common data breaches; emails being sent to the incorrect recipients containing sensitive data. Surely, therefore it’s just a matter of time before these countries follow Denmark in enforcing email encryption?
Wizuda’s CFS has been built with privacy by design and includes safeguards to protect against such data breaches and comes with full end to end automated email encryption as standard. Find out more here.