German Data Protection Authorities Say Emails Must Be Encrypted

Fox Rothschild LLP

Fox Rothschild LLP

Per the German DSK (the Conference of Independent German Federal and State Data Protection Supervisory Authorities), emails need to be encrypted in order to meet the minimum requirements of Article 32 of the General Data Protection Regulation (GDPR).

This means:
  • TLS (transport layer encryption) at minimum
  • Additional measures like end-to-end encryption and qualified transport encryption if sensitive data is being sent
  • Controllers must implement a policy that enables all employees who use e-mail communication and similar media to determine which safeguards need to be taken for each medium and class of communication or transmitted personal data.
  • They must regularly monitor compliance with this policy.
  • They must notify recipients so that they can adapt to the technical conditions and implement any technical precautions they may need to take for their part.

Read the full advisory.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fox Rothschild LLP | Attorney Advertising

Written by:

Fox Rothschild LLP

Fox Rothschild LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.