Skip to main content

Mandatory e-mail encryption from January 1st 2019 in Denmark

|

The new practice of the Danish Data Protection Agency requires all work related e-mails containing personal data is to be encoded according to the GDPR.

The new regulations mainly affect private operators, as similar rules already exist for public authorities. This means that companies, associations, foundations and all other non-public actors working with data will have to establish new encryption methods.

The obligation to encrypt relates exclusively to sensitive and confidential personal data in accordance with the GDPR-defined term, which includes ethnicity, political and religious beliefs, memberships, sexuality, fingerprints, social security number and information covered by a duty of confidentiality.

A concrete assessment of whether the data in question is "sensitive and confidential" is mandatory. Thus, each case must always be considered individually. Therefore, it is recommended that companies establish a minimum standard that takes the industry and type of information within the company into account. The type of encryption and data security requirements demanded by the Data Protection Agency must be complied with. In the private sector, the so-called TLS system must be used as a minimum. This system protects the data during the transportation between sender and receiver. Please note that the strength of the security protection must correspond to the magnitude of the concrete security risk at hand.

 

Article provided by: Dr. Claas Thöle (NJORD Law Denmark)

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

VIEW STREAM

About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.