The dangers of Compliance and Data Privacy within Email Providers

By AnubisNetworks • April 21, 2020


Compliance and data privacy are two harsh words for companies today. Companies are accelerating their cloud adoption due to the pandemic, while wanting the providers that hold their data to keep it safe and out of the reach of others.

It's crucial for people today to feel secure with their data online. In the turbulence of moving to the cloud, some privacy and compliance aspects cannot be overlooked. 

"Out of system" companies can have significant issues adhering to these compliance and data privacy rules: they are not based in the same country as all of their customers, which makes the rules hard to respect in their entirety.

Email management and email security are two items that fall under this category. Managing and storing received and sent email requires strict adherence to compliance laws.

During the Covid-19 pandemic, with so many businesses operating from home, data privacy may be overlooked. It shouldn't be.

GDPR Challenges for Out of System Organizations

The General Data Protection Regulation exists for the sole purpose of ensuring the security of personal data by establishing clear rules for how organizations manage their employees', customers', and partners' data.

However, GDPR created many challenges for companies outside the EU. Take Google last year, for example: the juggernaut was forced to pay $50 million to France over an alleged lack of consent to personalized ads. Non-compliance with GDPR can result in a company having to pay up to 4% of its global revenue; this, together with the damage to reputation and trust, is enough for any company to care.

On the other hand, GDPR and all other types of compliance and data privacy rules make life easier for companies based in the same country as their customers. What's more, GDPR is an advantage to these service providers: if you store customers' data within the country, you comply with the specifics of the data regulation. If your customers are given fair usage and data governance literature in their own language, that's another point in favour!

This does not mean that cloud service providers cannot operate "in the cloud" (which, by definition, is everywhere). They simply must be aware of where they store and process customers' personal data, as they are restricted from transferring it to countries and businesses outside the EU. Servers outside the EU can be used, but everyone still has to comply with GDPR and the security measures it requires.

GDPR Email Security Issues

Email is especially prone to GDPR violations, mostly because of its role as the primary business communication method and, beyond that, because it is so often used to share and store personal data.

One point to note is that an email someone sends you is only yours if you accept it; this means that bounced email, rejected malware and spam don't need to be stored. Another is that synchronisation between clients (e.g. your mobile device) and servers must be done in a way that lets the company retain deleted emails as well.

With all of these dangers, and the specifics that arise from the need to adhere to particular rules of compliance and data privacy, service providers are left with only one option: to fully protect the personal data stored and sent in emails. Storage can happen at the email servers, which will then need to be in the EU, or it can be done on the side, for instance by leveraging the email flow coming from their sophisticated email security solutions.

As a service provider, if you own an email security solution, you would be protected from all of these data privacy and compliance dangers. If you resell G Suite and Office 365 solutions, you'll probably need to ensure that data remains transparently stored, redundant, and European.