IT Security News & Blog

Mandatory Email Encryption for Danish Businesses

Posted: 24 October 2018

From the 1st of January 2019, all Danish organisations which use email as a mechanism for processing personal data will be required, by law to use a form email encryption. Strictly interpreted by the Danish supervisory authority under article 9 of the GDPR (General Data Protection Regulation).

Despite being the first European Union member to adopt a mandatory action, it is not expected to be the last, with others eager to analyse the results.

 

What Does This Mean for You?

Datatilsynet (the Danish supervisory authority) sees email encryption technologies as critical to strengthening the desired outcomes of the GDPR and as such is mandating its usage where an organisation processes personal data via email.

This means sending emails containing personal data; storing emails with personal data in email inboxes or achieves; and being in receipt of emails containing personal information.

More specifically, Datatilsynet has highlighted the need for TLS or end-to-end encryption, depending on the sensitivity of the personal data and its contextual content.

Take a look at our definitive guide to Securely Sharing Documents and Files in a Privacy Oriented World.

 

What is TLS for Email?

TLS or Transport Layer Security, is a method of protect for emails in transit. Otherwise known as transmission.

A secure tunnel is created between recipient and sending email servers, using asymmetric encryption and certificates. Much in the same way that SSL works when browsing a HTTPS enabled website.

How TLS works email encryption

Almost all modern email servers and applications support the use of TLS, including popular services such as Microsoft Exchange, Microsoft Office 365 and G-Suite.

 

What is End-to-End Encryption?

TLS encryption is the cheaper and more transparent of the two options, however takes criticism for not protecting the content of the email outside of the secure tunnel; and being reliant on certificates and PKI.

Something even the best IT teams struggle with, when it comes to remembering to renew certificates.

More popular and recommended by Datatilsynet, when content is particularly sensitive, is end-to-end email encryption. Whereby the email itself is encrypted at the point of leaving a senders outbox and only decrypted when opened by the correct recipient, in their inbox.

The security of the sending channel is non-consequential as a result.

Typically, this requires an application or email application plugin on the senders side, which encrypts the email at the point of sending; and sends the corresponding encryption key to a cloud server.

When the email is then opened by the recipient, they are taken to a portal whereby they are authenticated and the key is used to decrypt the email content.

One hidden benefit to this method is that the email can be revoked at any time by simply instructing the solution to revoke the decryption key.

 

How Ipswitch MOVEit Transfer Can Help

Ipswitch MOVEit has specialised in the secure movement of messages and files for almost two decades and is widely recognised as the most secure managed transfer solution on the market.

Available as software or as a cloud solution, it contains end-to-end email encryption capabilities for securing sensitive personal data, as well as other capabilities for securing your communication workflows. 

Including:

  • Support for HTTPS, HTTP, SFTP, FTP/S, FTP, AS1, AS2 and AS3 protocols.
  • An average time to deploy of around 24-hours.
  • A full mobile client with upload, access, delete, share and download capabilities.
  • No file size or quantity limit, unless configured otherwise.
  • A full breadcrumb menu for easy navigation.

Plus much more.

If you would like to learn more about Ipswitch MOVEit Transfer; and how it is being used by tens of thousands of customers worldwide. Book a call with one of our product specialists today.

 

New call-to-action

Topics: GDPR, Email Encryption, MOVEit

Chris Payne

Written by Chris Payne

Managing Director - Advanced Cyber Solutions