The European General Data Protection Regulation (GDPR) (German: Datenschutz-Grundverordnung, DSGVO) regulates how companies must handle personal data that they process. One requirement is to safeguard personal data from potential abuse.
The GDPR highlights encryption as an appropriate technical measure to protect personal data. The new legislation states that encryption makes data unintelligible to any person who accesses the data in the case of a data breach.
What is personal information in emails?
Business emails contain a lot of personal information, particularly when your customers are private citizens. Since most booking processes are completed online and confirmed via email, these emails contain personal information such as address, payment data, and more.
In fact, every business handles personal information via emails at some point: HR information about applicants or employees, payroll letters sent via email, and personal information about customers such as birthday congratulations are only a few examples.
Sensitive personal data often shared via email
In addition, for some professions handling a lot of personal information via email has become standard practice. These emails often contain very sensitive data.
Professionals such as headhunters, journalists researching people and their private lives, lawyers or physicians communicating with their clients or patients via email, and many more must take extra steps to protect their email communication with and about their customers.
Why is standard TLS encryption not enough?
Standard emails are protected with so-called TLS encryption. This transport encryption does not encrypt the content of the emails; it only builds an encrypted tunnel between two servers, through which the emails are sent in plain text.
TLS encryption is not safe enough to protect emails with sensitive personal information. Because emails are relayed via several different servers, each server decrypts the TLS connection on arrival and re-encrypts the email for the next hop, so the content is readable in plain text on every server along the way.
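The hop-by-hop behaviour described above can be checked from a message's Received headers. The following Python sketch is an added example, not part of the original article or Tutanota's code; the message, hostnames and addresses are constructed, and it shows which hops used TLS and that the body is readable on every relay either way.

```python
import re
from email import message_from_string

# Constructed sample message (not real traffic): three relay hops, one without TLS.
SAMPLE = """\
Received: from mx.partner.example (mx.partner.example [203.0.113.7])
\tby inbound.corp.example with ESMTPS id c3 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
\tTue, 05 Jun 2018 10:00:03 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.9])
\tby mx.partner.example with ESMTP id b2;
\tTue, 05 Jun 2018 10:00:02 +0000
Received: from laptop.local (unknown [192.0.2.44])
\tby relay.isp.example with ESMTPSA id a1 (version=TLS1_2);
\tTue, 05 Jun 2018 10:00:01 +0000
From: hr@sender.example
To: payroll@corp.example
Subject: Payslip

Employee: Jane Doe, IBAN DE00 0000 0000 0000 0000 00
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)
# RFC 3848 / RFC 6531: a trailing "S" or "SA" in the protocol keyword marks STARTTLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

def hops(raw):
    """Return relay hops in travel order as (from_host, by_host, protocol, tls)."""
    msg = message_from_string(raw)
    out = []
    for header in reversed(msg.get_all("Received", [])):  # newest header is on top
        m = HOP.search(header)
        if not m:
            continue  # header without the from/by/with clauses: skip it
        proto = m.group(3).upper()
        out.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return out

def body_visible_to_relays(raw):
    """Transport encryption ends at each server, so every relay holds this text."""
    return message_from_string(raw).get_payload()

if __name__ == "__main__":
    for src, dst, proto, tls in hops(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if tls else 'NO TLS'})")
    print("Body as stored on each relay:", body_visible_to_relays(SAMPLE).strip())
```

Received headers written by servers outside your control can be altered by any earlier hop, so treat only the entries added by your own mail servers as reliable evidence.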
End-to-end encrypted emails will become a legal requirement
Denmark is the first EU country to require companies to send emails containing personal data only with proper end-to-end encryption. It is expected that more EU countries will follow this example.
Given the heavy fines of 4% of sales volume, companies are on the safe side when they send all emails containing personal data end-to-end encrypted. Tutanota offers a very easy way to encrypt any email end-to-end to any recipient. Unlike other email services, Tutanota does not have access to your data or your encryption keys. On top of that, Tutanota comes with a flexible and fair pricing plan that suits every business.
What can Tutanota do to achieve GDPR compliance in business emails?
Tutanota protects all your business emails in four ways:
The entire mailbox is end-to-end encrypted. The encrypted data can only be accessed by your company. This includes all emails and all contact information (address book) stored in Tutanota. All data is stored encrypted on our own servers in highly secured data centers located in Germany.
Tutanota encrypts all emails among your employees end-to-end. This makes it very easy for you to share personal information, e.g. about applicants or customers, internally via email.
Tutanota enables you to send end-to-end encrypted emails to outside users by sharing a password.
Tutanota enables you to place a secure contact form on your website so that people interested in your company can easily get in touch with you end-to-end encrypted.
Of course, Tutanota provides an Order Processing Agreement with legally binding data protection guarantees to help you demonstrate your compliance with GDPR.
Tutanota offers an extensive business package
Tutanota is a secure email service that lets you access your encrypted mailbox at any time via webmail or via our Android and iOS apps.
With its built-in end-to-end encryption, Tutanota enables you to make use of the advantages of the cloud (accessibility, cost efficiency, fast scalability, easy backup) while protecting you from its disadvantages (security issues).
Tutanota for business enables you to:
Create an unlimited number of email accounts for all employees with your own domain(s).
Manage email accounts with administrators (reset passwords, disable accounts, etc.).
Add local administrators such as project managers, department chiefs, etc.
Place a login on your website where your employees can log in to their encrypted mailboxes.
Use your own branding (logo & colors) within your company's mailboxes.
Add a secure contact form to your website so that customers can directly contact you end-to-end encrypted.
Make unlimited use of our smart search feature that enables you to search your encrypted emails and contacts securely.
Try out our secure mail service now
Tutanota takes your email security to the next level with its built-in end-to-end encryption while letting your business save money at the same time: at only €1 per user per month, Tutanota comes with affordable and flexible prices that suit the needs of every business. Please refer to our pricing site for details.
If you want to integrate Tutanota into your enterprise, please get in touch with us directly. Our dedicated development team will be glad to adapt Tutanota to all your enterprise's needs quickly.