Mandatory e-mail encryption from January 1st 2019 in Denmark

03.10.2018

The new practice of the Danish Data Protection Agency requires all work related e-mails containing personal data is to be encoded according to the GDPR.

The new regulations mainly affect private operators, as similar rules already exist for public authorities. This means that companies, associations, foundations and all other non-public actors working with data will have to establish new encryption methods.

The obligation to encrypt relates exclusively to sensitive and confidential personal data in accordance with the GDPR-defined term, which includes ethnicity, political and religious beliefs, memberships, sexuality, fingerprints, social security number and information covered by a duty of confidentiality.

A concrete assessment of whether the data in question is "sensitive and confidential" is mandatory. Thus, each case must always be considered individually. Therefore, it is recommended that companies establish a minimum standard that takes the industry and type of information within the company into account. The type of encryption and data security requirements demanded by the Data Protection Agency must be complied with. In the private sector, the so-called TLS system must be used as a minimum. This system protects the data during the transportation between sender and receiver. Please note that the strength of the security protection must correspond to the magnitude of the concrete security risk at hand.

 

Article provided by: Dr. Claas Thöle (NJORD Law Denmark)

 

Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project

Director CPC project: Dr. Tobias Höllwarthtobias.hoellwarth@eurocloud.org

VIEW PROJECT

What is the INPLP?

INPLP is a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters. INPLP provides targeted and concise guidance, multi-jurisdictional views and practical information to address the ever-increasing and intensifying field of data protection challenges. INPLP fulfils its mission by sharing know-how, conducting joint research into data processing practices and engaging proactively in international cooperation in both the private and public sectors.