GDPR – Have you thought about email?
Most companies within the UK have started to think about GDPR and how it will affect their business and what actions they may need to implement to ensure they meet the requirements and avoid heavy fines.
In order for you to meet statutory obligations, you first need to understand:
- Where does personal data reside – both electronic and paper versions?
- Who has access to it, how and when people access it and on what devices?
- Is it required?
All this is good housing keeping and will give you a much clearer view of what actions you need to take to protect the data and who needs access to it but what about your email?
Is email structured data or unstructured data or maybe it is both…… either way most corporate email systems are not managed and secured in the same way that corporate data is, therefore it is a huge risk to your organisation under GDPR requirements.
Maybe now is the time to change the way we all use email and implement policies to make email safe, secure and manageable whilst enhancing the user experience?
Let’s stop and think what problems emails may bring with GDPR in mind.
- Retention Policy (don’t keep mails that don’t need to be kept).
- Audited search and deletion of PII (Personal Identifiable Information) needs to be quick and easy as well as audited.
- Data Protection (accidentally sending data to the wrong person or sending classified information).
- Avoid duplication and unofficial backups such as PST files etc.
- Email on mobile devices (is this managed?).
So, the answer may be simple, cost effective and make your companies email streamlined, effective and compliant.
- Data Classification software (ensures data does not accidentally leave your business).
- Journaled email archive solution. (quick and easy search for PII, Audited Delete and compliance).
- Mobile email management.
- Email Encryption and Rights Management.
- Policy (change the way your email works to ensure your email resides in just one location).
To help you become GDPR compliant we have teamed up with Company85 to offer a QuickStart assessment. GDPR QuickStart provides a framework that combines our GDPR know-how with your in-depth business knowledge to rapidly frame your GDPR needs, and to prioritise the activities you need to undertake to become compliant. This assessment can be used to assess yourselves but can also be offered to your clients.
Contact us to understand the impact of email on your GDPR obligations and how we can further assist you on the road to compliance.