Email is especially prone to violations of the General Data Protection Regulation (GDPR) because it is the primary business communication tool, because it is widely used for sharing and storing personal data, and specifically because it is still the number one threat vector for cyber-criminal exploits.
For this reason, companies must protect personal data stored in emails and also provide access to it - in your email archive - whenever the data owner asks for it.
What is the GDPR?
The General Data Protection Regulation is a new law in the European Union (EU) aimed at protecting the rights of individuals in respect of their data. Any organisation that holds data about any resident of the EU is expected to comply.
GDPR was adopted as an EU law in April 2016 and will take full effect in May 2018.
Amongst other things, GDPR deals with the data you collect in the first place, how you tell people what you are going to do with it, what you actually do with it, how you store it securely, whom you allow to access it, and what happens if you fail to comply. At their heaviest, GDPR penalties can reach €20,000,000 or 4% of your global annual turnover, whichever figure is bigger.
GDPR & Email Security
The set of regulations is meant to protect the personal data of EU residents, including information exchanged over email. Email Security systems must:
- Implement appropriate technical measures to comply with “privacy by design”: organizations must include email encryption and compliance capabilities in their email security infrastructure;
- Apply the right to be forgotten (the system needs to erase users’ personal data and cease further dissemination of the data);
- Notify authorities of a breach (within 72 hours of identifying it);
- Inform organizations as to whether or not personal data concerning them is being processed, where and for what purpose.
AnubisNetworks Mail Protection Service (MPS) and Its Key Capabilities
Our MPS solution was built with customer privacy in mind:
- Message Integrity: We never store clean messages, and our multi-layered approach provides a separation of messages and roles within shared platforms;
- Message Security: Strong inbound and outbound protection, with real-time protection against spam, malware and phishing, as well as anti-fraud, anti-spoofing, authentication and encryption verification;
- Message Transparency: Extensive message details that let our customers understand exactly the message path, the filtering process and the actions taken;
- System Robustness: Secure access at an administration level (e.g. two-factor authentication, detecting different login attempts), multiple roles, including helpdesk users with non-privileged access, and multiple delivery authentication, including AD synchronization;
- Compliance and Control: DLP protection, quota management for outbound traffic, distinct delivery IPs.
Our MPS Solution is trusted by our customers and we are working tirelessly to ensure compliance with all GDPR regulations regarding corporate email security.
Author: Rui Serra
With degrees in Computer Engineering and Marketing, Rui started his career managing training documentation for IT Training and consulting firms. He then joined Nokia Siemens Networks as a Documentation Specialist and Project Scrum Master before joining AnubisNetworks in 2009, where he has advanced from managing documentation to Product Manager for the growing Product Portfolio.