From the 1st of January 2019, all Danish organisations which use email as a mechanism for processing personal data will be required, by law to use a form email encryption. Strictly interpreted by the Danish supervisory authority under article 9 of the GDPR (General Data Protection Regulation).
Despite being the first European Union member to adopt a mandatory action, it is not expected to be the last, with others eager to analyse the results.
What Does This Mean for You?
Datatilsynet (the Danish supervisory authority) sees email encryption technologies as critical to strengthening the desired outcomes of the GDPR and as such is mandating its usage where an organisation processes personal data via email.
This means sending emails containing personal data; storing emails with personal data in email inboxes or achieves; and being in receipt of emails containing personal information.
More specifically, Datatilsynet has highlighted the need for TLS or end-to-end encryption, depending on the sensitivity of the personal data and its contextual content.
TLS or Transport Layer Security, is a method of protect for emails in transit. Otherwise known as transmission.
A secure tunnel is created between recipient and sending email servers, using asymmetric encryption and certificates. Much in the same way that SSL works when browsing a HTTPS enabled website.
Almost all modern email servers and applications support the use of TLS, including popular services such as Microsoft Exchange, Microsoft Office 365 and G-Suite.
What is End-to-End Encryption?
TLS encryption is the cheaper and more transparent of the two options, however takes criticism for not protecting the content of the email outside of the secure tunnel; and being reliant on certificates and PKI.
Something even the best IT teams struggle with, when it comes to remembering to renew certificates.
More popular and recommended by Datatilsynet, when content is particularly sensitive, is end-to-end email encryption. Whereby the email itself is encrypted at the point of leaving a senders outbox and only decrypted when opened by the correct recipient, in their inbox.
The security of the sending channel is non-consequential as a result.
Typically, this requires an application or email application plugin on the senders side, which encrypts the email at the point of sending; and sends the corresponding encryption key to a cloud server.
When the email is then opened by the recipient, they are taken to a portal whereby they are authenticated and the key is used to decrypt the email content.
One hidden benefit to this method is that the email can be revoked at any time by simply instructing the solution to revoke the decryption key.
How Ipswitch MOVEit Transfer Can Help
Ipswitch MOVEit has specialised in the secure movement of messages and files for almost two decades and is widely recognised as the most secure managed transfer solution on the market.
Available as software or as a cloud solution, it contains end-to-end email encryption capabilities for securing sensitive personal data, as well as other capabilities for securing your communication workflows.
Support for HTTPS, HTTP, SFTP, FTP/S, FTP, AS1, AS2 and AS3 protocols.
An average time to deploy of around 24-hours.
A full mobile client with upload, access, delete, share and download capabilities.
No file size or quantity limit, unless configured otherwise.