
GDPR and how to make your emails compliant

27 July 2017

Guest blog: this blog is written and sponsored by mkryptor.


This summer, the most oversubscribed events are General Data Protection Regulation (GDPR) seminars. I attend them to hear industry concerns in the post-presentation discussions.

So far, GDPR has been presented as:

  1. Very complex – by the very expensive law firms; 
  2. Simple, with many links easily accessible online – by universities;
  3. Strictly black-and-white – by event organisers whose livelihoods depend on data;
  4. Inconvenient, but should be okay when the ‘reasonable’ principle is applied – by businesses.

Nearly all GDPR events are free, but those called ‘Summits’ charge from £900 to £1,300. Unfortunately, the ‘reassuringly expensive’ factor doesn't apply here.

GDPR is good for consumers 

With GDPR you'll feel safer. It is actually very good news for us consumers, whose private information gets collected and sold on. We waste time filling in 6-page questionnaires just to get a pass to business events. All this information about us is collected unnecessarily, which increases the risk of our identity being stolen, our assets used, our campaign revealed or our medical records discussed by trolls. GDPR means no more mindless mining, oversharing and disrespecting our privacy. Unwanted ‘communications’ will end.

New fears about GDPR and business practice

Have you heard the one about the business card? It's incorrect. You won't be fined for taking a business card from someone while networking and then leaving it on your desk. That data won't miraculously find its way to your records and hit you with a penalty. It's still safe to give out business cards, as a business card is not a virus. It's a piece of information that your staff will handle with new responsibility.

It's not dangerous to handle business cards, but you do need to ask permission from the owner to use the data. Refreshingly, consent can no longer be a double negative; it has to be clear. Consent can be given and then withdrawn at any future date, meaning you'll need to remove the data from your records. By that time, everyone will be more aware, including the information snatchers and list mongers.

When I heard an event organiser who keeps 6 million records gathered over 10 years ask how to go about it, he was advised to destroy the data. Many said it makes more sense and less work to get rid of the millions of entries rather than spend time on updating them. Common sense is kicking in, to the tune of ‘better safe than sorry’.

If you've purchased a list, use it now, because from May 2018 it will be invalid. It’s being predicted that after May 2018 lists will be hugely expensive as they will have to be consent-only. Also, the future of newsletters will be different – so different and unpredictable that one of the pub chains has already stopped newsletters altogether.

What are your organisation’s reasonable data needs?

You need to define your needs as an organisation and specify why you gather data. It's not too limiting and the word ‘reasonable’ appears a lot. GDPR won't make it a nightmare to run your business, as some suggest – it just makes things more transparent. 

GDPR and accountability for your organisation

The GDPR introduces accountability – now you have to show you comply with its principles. If you don't, the fine will be 4% of your global turnover.

Personal data ‘shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures’.

Emailing personal data

The icon we see everywhere representing email – an envelope – is misleading. Email is not a letter, it is a postcard – it doesn't have an envelope by default. Antivirus software and firewalls don't protect email in transit. If you want your email to be protected in transit – to be GDPR-compliant – the appropriate technical measure is email encryption.

Email encryption and the customer experience

Encryption can be done easily and without fuss. You just need software that has an award for usability. GDPR will be enforced from 25th May 2018 and every organisation will have to do it then. But what if your organisation did it now? You would have an asset to woo your clients with. Start encrypting your emails today and show you care about privacy and confidentiality – while your competitors keep putting clients' data on a postcard.

About mkryptor

Mkryptor, the ‘Best Cyber Security Solution’, protects the confidentiality and privacy of emails without the need for software to receive them. Your clients don't have to create accounts on websites or generate complex keys. Mkryptor is pure email, sent like email, arriving like email. The subject field keeps your subject in and there are no links to click on that can be abused. Scalable, flexible, technophobe-friendly, it works on any device. Mkryptor fits in with other security, sales and workflow solutions.

Posted by: Beatrice Freeman

Beatrice is Chief Communications Officer at mkryptor.

