Emails in the age of the GDPR - legally compliant in the company

Forum on digitalization law and Industry 4.0

In the age of the GDPR, emails must now be encrypted. Special problems arise in groups of companies and corporate groups when IT systems are centralized. In this event, we will present the legal and technical framework and point out solutions.

In the age of the GDPR, emails must be encrypted according to the new concept. Accidentally sending an email to the wrong addressee can trigger a reporting obligation to the data protection supervisory authority within 72 hours. Clicking on a link in an incoming phishing email can paralyze the company and lead to fines. At the same time, there is the problem that although encryption technologies have been available for years, there are none that are uniformly available for both the sender and the recipient.

According to the GDPR, a deletion concept must also be provided. The long-term storage of emails in a "big long" inbox is therefore not permitted.

In a group of companies or corporate group, the integration of emails poses particular difficulties, as data is exchanged between different legal entities. Are a shared email server and a shared IT infrastructure (e.g. for virus scans) therefore permitted at all? To what extent may - or must - spam and phishing emails be filtered?

The forum will address these and other issues and present legal and technical solutions relating to the topic of "e-mail and communication".

Speaker

Julian Kaletta
Managing Director Julkair GmbH, Stuttgart
IT system house

https://julkair.com/

In 2018, Julkair GmbH was awarded the partner status of the Alliance for Cyber Security by the Federal Office for Information Security (BSI) for its commitment to IT security.

An excerpt from the topics

  • Email encryption as a duty?

    • Requirements of the GDPR, the data protection supervisory authorities and the BSI

    • Why should telephone, fax and video conferencing be assessed differently?

    • Difference between an in-house email server and an external provider

  • Technical background

    • Overview of the email system

    • Transport encryption (TLS), content encryption (e.g. PGP, GPG, S/MIME)

  • Email in the group of companies / within the group

    • Is one email server permitted for all group companies?

    • Problems with central spam and security checks

  • Special features for doctors, hospitals and tax consultants

  • Solutions for the practice

  • Email archiving and deletion obligations

    • Endless storage of emails in the email folder

    • Dealing with deletion requests

  • Is an email signature required?

  • Outlook on the ePrivacy Regulation

How to get there

Tübinger Straße 26, 70178 Stuttgart (directions as PDF)

Arrival by car: Gerberviertel parking garage, separate office entrance opposite parking lot no. 131 (level P1) / no. 176 (level P2) / no. 221 (level P3).

Arrival on foot: Please use the Tübinger Straße office entrance.

Further information

You can find the special data protection information here. Image above by: Gerd Altmann from Pixabay.