The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation with which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU). It also governs the transfer of personal data outside the EU.
The regulation was adopted on 27 April 2016 and applies from 25 May 2018, after a two-year transition period. Important to know: the UK Government has confirmed that the United Kingdom's decision to leave the European Union will not affect the commencement of the GDPR.
The GDPR provides a single legal framework that applies to all EU member states and to all organisations, companies and agencies outside the EU that process, store or use the personal data of individuals in the EU, replacing the current patchwork of national laws with one set of rules. Because it is directly concerned with the collection, storage and use of personal data, it affects every business that holds personal data in any format.
If a business collects, stores or uses personal data, the GDPR applies, and with it comes an obligation to comply, backed by serious penalties for those that do not.
Most companies are already reviewing how they acquire, store and manage personal and sensitive data.
Many organisations, however, are not aware of the risks in transmitting this data between internal employees and external clients.
What measures are currently in place for sending sensitive personal/financial data via email?
How does your business document it is compliant in this situation?
Non-compliance may leave a business open to substantial fines under the GDPR. Article 83(5)(a)[1] states that infringements of the basic principles for processing personal data, including the conditions for consent, are subject to the highest tier of administrative fines. This could mean a fine of up to €20 million, or 4% of total worldwide annual turnover of the preceding financial year, whichever is higher[2].
On this blog, further articles on the GDPR will be published from time to time. Please also register for our newsletter to learn about the latest developments on the GDPR and how to document compliance using new technology while maintaining ease of use and a high-quality user experience.
The RMail package addresses one specific aspect of GDPR compliance: the secure transmission of sensitive personal, financial or confidential data (see Article 5(1)(f), integrity and confidentiality, and Article 5(2), accountability).
RMail provides an auditable record of your email communication in the form of a Registered Receipt, which documents that a given message was transmitted in a GDPR-compliant manner.
Recipients won't need to register for an account, open a web browser or otherwise leave their inbox to access such a secure message.
Unlike other encryption services, RMail provides true direct delivery of an encrypted message and attachments to the recipient’s inbox.
Where you are required to encrypt personal data under the GDPR, encrypting it is only half of the requirement. The other half is being able to prove it. Your Registered Receipt serves as legal proof of compliance and can demonstrate that you have met your obligations should a dispute arise.
1. General Data Protection Regulation (Regulation (EU) 2016/679), http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=uk
2. Information Commissioner's Office (United Kingdom), GDPR Guidance