GDPR will be enforced on 25th may 2018, where organisations have a possibility of facing heavy fines if they are not compliant with regard to what is known as ‘Personal Identifiable Information’.
Organisations need to have e-mail restrictions to prevent data theft or data loss.
Examples of Personal Identifiable Information:
- Social Security Numbers
- Financial account numbers
- Government issued ID numbers
It’s important to identify what information needs to be protected and what processes need to be put into place to meet security standards. This will ensure organisations are GDPR compliant. Using e-mail systems to pass on sensitive information can cause issues when it comes to regulating data, however, there are many ways data can be protected.
Microsoft Office products such as Word, Excel, and PowerPoint have options to protect and encrypt Office files, which then may be sent by email.
Below is a list of guidelines to ensure that Personal Identifiable information is protected via e-mail:
- Provide only the relevant information
- Notify the recipient in advance that the email contains confidential information so that they only open the document in a secure environment – you can do this by putting the word “CONFIDENTIAL” either in the email header or the attachment’s file name.
- Check that you have the correct address before sending.
- Provide minimum information in e-mails.
- Restrict information by deleting any drafts or sent copies
- Limit the number of recipients you are sending information to