
We’re not just securing email and eSigning.

We’ve been helping Europeans protect sensitive client data and ensure privacy and compliance is part of the DNA of business.

And we’ve been doing it with them since 2004.

Privacy Compliance and Legality in Europe

Audit-Ready Compliance: Yes. Automates proof of privacy compliance.
RMail Email Encryption: Relied upon in Europe since 2004.
Geography: The European Union.
Recommended Service: RMail® email encryption with Registered Receipt™ audit-ready email proof of privacy and timestamped e-delivery compliance. RMail and RSign eSignature services with privacy features enabled.

Common Use

RMail email encryption is commonly used within financial services, insurance, legal, human resources, health care, biotech, life sciences, clinical research, and other industries where businesses interact with clients and transmit sensitive, personal, financial, or health related information.

Watch full video of Paul Davis discuss RSign at Optimize!2020.


We were using two different electronic signature platforms. We went to tender and looked at four. More options were ticked with RSign. What enthused me more was the innovation not only now, but the planned — the platforms we had been using were becoming a bit stale. RSign was not just looking at here and now but future proofing for down the road. It was quite a simple transition to RSign.


Paul Davis

Commercial Manager, Impellam

Legal Aspects

RMail® email encryption makes it easy to automate privacy for both senders and recipients, and for senders, prove compliance with GDPR and other privacy regulations or requirements. Each RMail message returns the highest levels of court admissible, legally valid, timestamped email privacy compliance evidence in the form of a Registered Receipt™ authenticatable email record.

Excerpts from the “Technology Guide to Meet GDPR Compliance for Data Privacy for Email.” (Full Guide available from RPost.)

“In Europe, the new European General Data Protection Regulation (GDPR) creates an environment of heightened awareness of data privacy issues. It also brings an enforcement framework with enough teeth to change the way businesses that deal with consumer data protect consumer privacy. GDPR defines what is to be achieved rather than how the requirements should be fulfilled. Consequently, it does not state a requirement to use a specific method of encrypting email, but it does require the handler of consumer non-public and personal information to maintain not only privacy of that information, but also the ability to demonstrate compliance with the privacy requirements. These requirements are discussed in detail in GDPR Article 5 Clause 1(f) and 2, and Article 32 Clause 1(a) and 1(d) which focus on the requirement to protect personal data during transmission with the ability to demonstrate fact of protection of personal data.

An easy target for GDPR enforcement is watching how organisations protect the privacy of information transmitted to external parties. Email is the primary means of business information delivery today. As such, privacy related to email will be one of the principal areas to be inspected in a compliance audit and, therefore, it will be essential for regulated companies to retain auditable proof of fact of private email transmissions.

Why is “proof” important? There are many ways to encrypt email, nearly all of which make it more complicated for the intended receiver to review the message. Therefore, a tendency for senders, unless there is consequence, is to not use email encryption systems that are in place and available for use. The fact of an email encryption system being available for use is not fact of use. “Fact of Use”, we believe, will be a key criterion in regulatory audits, and in any case, a basis to protect organizations from accusations of a data privacy or GDPR compliance breach.” Nick Hawke, Chief Executive Officer, Association of Professional Compliance Consultants in Foreword from the “Technology Guide to Meet GDPR Compliance for Data Privacy for Email”.

The following five evaluation categories (protection, utility, audit-ready compliance proof, empowering, and measurement) are the most important elements of an email encryption technology or service considering the requirements in GDPR for protecting personal data; in particular Article 5 for security, confidentiality, and accountability, and Article 32 for encrypting and assessing the effectiveness of technical measures to ensure securing.

Article 5 Clause 1(f) calls for maintaining the confidentiality of personal data, stating, “personal data shall be processed in a manner that ensures appropriate security of the personal data…using appropriate technical or organisational measures (‘integrity and confidentiality’)”.

Article 5 Clause 2 creates the need to maintain demonstrable proof of compliance with the confidential treatment of personal data, stating, “The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’)”.

Article 32 Clause 1(a) specifies use of encryption to secure personal data, stating, “the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (a) the pseudonymisation and encryption of personal data”.

Article 32 Clause 1(d) calls for regular assessments to ensure the security of the processing, stating, “a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.”

Considering these requirements, the combination of RMail email encryption plus RMail Registered Email™ services provides not only GDPR-compliant privacy, but also GDPR audit-ready proof of privacy compliance on a message-by-message basis.

“As a growing accountancy practice we were looking for a secure email product at an affordable price to help us comply with GDPR. We chose RMail as it returns proof of fact of encrypted delivery to protect the organisation in the event of an external compliance inspection. After a quick and easy to follow training session, we were up and running in no time at all. RMail is easy and straightforward to use, with the knowledge that you are sending sensitive data securely to your clients. RMail is an excellent product and service.” — ACG Accounting Services, London, England (Member of the IFA). The Institute of Financial Accountants (IFA) endorses the use of RMail secure and certified electronic messaging services to support GDPR compliance.

RPost’s Registered E-mail™ service automatically delivers a Registered E-mail™ receipt to the sender containing delivery details of the original message, proof of content and official time stamp. The RPost Registered E-mail™ service also enables a stored message to be authenticated at a later date, anywhere a challenge may occur with respect to delivery, time or the content of a Registered E-mail™ message. This service functions independent of any action by the recipient.

The authentication / verification of a Registered E-mail™ message will include the date and time of sending and receiving, the title and contents of the e-mail message, and all attachments. This registration and authentication / verification process is performed by RPost without storing the original e-mail message as the complete transaction is recorded and imbedded digitally within the Registered Receipt e-mail that is returned to the sender for safekeeping.

As this authentication process is available independently to both the sender and the recipient of a Registered E-mail™ message, any contention as to the original contents of the e-mail can be resolved without doubt. By RPost’s inclusion of a trusted time stamp with the original Registered E-mail™ message, the date and time of the sending and receiving of a message can be demonstrated without doubt.

This authentication process also provides audit-ready proof of encrypted delivery to each recipient.

Laws Referenced

European General Data Protection Regulation (GDPR).

Disclaimer: Neither RPost nor its affiliates provide legal opinions. The information on RPost and its affiliates and products websites is for general information purposes only and is not intended to serve as legal advice or to provide any legal opinions. Laws and regulations change from time to time and neither RPost nor its affiliates guarantee that all of the information on RPost and its affiliates’ websites are current, correct, or with sufficient detail for the purpose of each reader. You should consult your legal counsel for specific jurisdictional details and other issues.

Tradenames are owned by the named company. Service benefit is summary, not intended to be a case study. RPost technology is patented. RMail, RSign, and RPost are trademarks owned by RPost.