In 2016, the European Union adopted the most significant overhaul of data protection law in decades, replacing the 1995 Data Protection Directive. Since it became applicable in May 2018, the General Data Protection Regulation (GDPR) has made waves worldwide, and companies have spent the years since trying to understand what it means for them, how compliance can be ensured and how it affects their operations.
The GDPR is now law across the whole EU, and companies that want to do business there need a thorough understanding of what it involves. At its core, the regulation aims to harmonize data protection law across the region, protect the personal data of people in the EU, and reshape how organizations throughout the region approach data protection. Proponents of the GDPR describe it as "the most important change in data privacy regulation in 20 years" and note that it "will fundamentally change the way data is handled across every sector, from healthcare to banking and beyond".
This description makes the GDPR sound terrifyingly extensive, and in many ways it is. Unlike HIPAA or DFARS, which apply only to particular industries, the GDPR applies to any organization that processes the personal data of people in the EU and the European Economic Area, whether or not the organization itself is established there. The regulation is far-reaching, and its scope is massive.
In other respects, the obligations the GDPR imposes are simple and straightforward. In the same spirit as the narrower US regulations mentioned above, the GDPR requires data protection "by design and by default" for every IT business process that handles personal data. Controllers and processors must implement "appropriate technical and organisational measures" to protect that data, and the regulation attaches considerable penalties to failing to do so.
And make no mistake: the penalties are severe. For the most serious infringements the GDPR allows fines of up to 4% of worldwide annual turnover or EUR 20 million, whichever is higher; a lower tier of up to 2% or EUR 10 million applies to other infringements, including failures of the security-of-processing obligation that lead to the loss, alteration or unauthorized disclosure of personal data. Either figure is a big change for any company and underlines the importance of complying with the GDPR's rules.
So what does that mean in practice? Not least, it means that email encryption is a very, very good idea. Since the GDPR took effect, encrypting emails that carry sensitive personal data has generally been regarded as best practice for business operations, and that should come as no surprise: email in Europe has the same weaknesses as email in the US. A message that is not encrypted end-to-end can be read by anyone with access to the systems it passes through or rests on, including the company's own IT administrators, the network operators in between (wherever hop-to-hop TLS is missing or downgraded) and the cloud email providers on both sides. For that reason, sending personal or confidential data about people covered by the GDPR in unencrypted email is hard to defend as an "appropriate technical measure" and may well be treated as a violation.
Don't risk it. S/MIME certificates offer one simple and effective way to close this gap: the message is encrypted to the recipient's certificate, and a digital signature made with the sender's certificate authenticates both who sent it and that its content has not been altered. Although the GDPR does not specifically require email certificates, S/MIME is one of the easiest ways to keep your email communication compliant. A message protected by S/MIME stays encrypted from the moment it is sent until the recipient opens it, so it cannot be read in transit, and the body and attachments also remain encrypted while they sit on mail servers, which adds a layer of protection for data at rest. Two caveats a practitioner should keep in mind: you need the recipient's certificate before you can encrypt to them, and S/MIME protects the body and attachments, not the envelope. Sender, recipient, date and Subject headers stay in the clear on every hop, so personal data must never go in the subject line.
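The round trip described above, as an added example that is not part of the original article: it uses the openssl command line (1.1.1 or newer, for -addext) to mint two throwaway self-signed S/MIME certificates, sign a message as the sender, encrypt it to the recipient, show that the ciphertext hides the body but still exposes the Subject header, and decrypt and verify on the receiving side. The addresses, names and message text are constructed for the demonstration; the self-signed certificates stand in for ones issued by a CA, which is why the signature check below skips chain building.

```shell
#!/bin/sh
# Added S/MIME walk-through; not code from the original article. Needs the
# openssl command line (1.1.1 or newer for -addext). All certificates,
# addresses and message text are constructed, throwaway examples.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Self-signed certificate with the emailProtection EKU, standing in for a
# CA-issued S/MIME certificate. Args: file basename, e-mail address.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -sha256 \
    -subj "/CN=$1/emailAddress=$2" \
    -addext "extendedKeyUsage=emailProtection" \
    -addext "subjectAltName=email:$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}
make_cert bob   bob@example.invalid    # sender (signs)
make_cert alice alice@example.invalid  # recipient (decrypts)

# Constructed plaintext: the part S/MIME actually protects.
cat > "$WORK/plain.txt" <<'EOF'
Content-Type: text/plain

Hi Alice, the attached customer export contains Jane Doe's home address.
EOF

# Sender side: sign with Bob's private key (authenticates origin and
# integrity), then encrypt the signed message to Alice's certificate.
openssl smime -sign -in "$WORK/plain.txt" -signer "$WORK/bob.crt" \
  -inkey "$WORK/bob.key" -out "$WORK/signed.eml"
openssl smime -encrypt -aes256 -in "$WORK/signed.eml" \
  -from bob@example.invalid -to alice@example.invalid \
  -subject "Customer export for Jane Doe" \
  -out "$WORK/encrypted.eml" "$WORK/alice.crt"

# What every mail server on the path sees: no plaintext body ...
body_is_hidden() { ! grep -q "home address" "$WORK/encrypted.eml"; }
# ... but the envelope headers, Subject included, are still readable.
subject_is_exposed() {
  grep -q '^Subject: Customer export for Jane Doe' "$WORK/encrypted.eml"
}

# Recipient side: decrypt with Alice's key, then check Bob's signature.
# -noverify skips chain building because bob.crt is self-signed here; in
# production you would pass -CAfile with the issuing CA instead.
recipient_reads() {
  openssl smime -decrypt -in "$WORK/encrypted.eml" \
    -recip "$WORK/alice.crt" -inkey "$WORK/alice.key" -out "$WORK/inner.eml"
  openssl smime -verify -noverify -in "$WORK/inner.eml" \
    -out "$WORK/verified.txt" 2>/dev/null
  cat "$WORK/verified.txt"
}

# Anyone without Alice's private key (here Bob, trying his own) gets nothing.
wrong_key_fails() {
  ! openssl smime -decrypt -in "$WORK/encrypted.eml" \
    -recip "$WORK/bob.crt" -inkey "$WORK/bob.key" -out /dev/null 2>/dev/null
}

body_is_hidden && subject_is_exposed && wrong_key_fails \
  && recipient_reads >/dev/null \
  && echo "S/MIME round trip OK; body protected, headers in the clear"
```

Note that the Subject line in this example deliberately carries a person's name, exactly the kind of data the body was encrypted to protect: the point of the subject_is_exposed check is that S/MIME does nothing for it.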
For companies looking for a straightforward way to bring their email communications in line with the GDPR, few solutions are as complete as S/MIME. Its end-to-end encryption offers a simple, user-friendly approach to email security that works in any industry.