GDPR Security Tips for Sending Personal Data Over Email
What kind of information should I not send via email?
We all need to be mindful when sharing personal information, whether it is our own or that of others.
You should not send personal data via unencrypted email. It is not a secure way to send any personal data and could expose you to data hacking.
What is personal data?
Personal data is information that either on its own, or when put together with other data, can identify an individual.
Examples of personal data can include: national insurance numbers, tax identification numbers, home / business addresses, phone numbers, payment card numbers, bank account numbers, dates of birth, copies of government-issued IDs and health information.
Why is it dangerous to send personal data over email?
When you send an email, you don’t necessarily know how many networks or servers the message will pass through on its way to the recipient or who has access to them. In addition, emails sitting on your device may be accessible to a third party. Let’s also not forget the common error of emailing a message to the wrong recipient!
How can I securely transfer personal data?
To be truly secure, the message must be encrypted before it leaves the sender’s computer and it must remain encrypted until the recipient receives it.
We have partnered with a cloud-based service provider, SendSafely, which we will use to transfer personal data from Square. SendSafely uses end-to-end encryption to protect files from unauthorised access. Files and messages sent through SendSafely are encrypted before they leave your device and SendSafely never has access to the decryption key needed to view them, ensuring it is only the intended recipient who has the ability to decrypt and access the message. The recipient doesn’t need to install anything new to use the service.
Business Owners: Whether you choose to use a cloud-based encryption service such as SendSafely or find another encryption method, be sure you take the steps to make your business a trustworthy custodian of your customers’ personal data. It will serve your business well and demonstrate your integrity to both your customers and the data protection authorities.