Send data via email: data breach trap number one. A blog by Thomas Calf

Send data via email: data breach trap number one


Now that the GDPR has been effective since half a year, many companies have an internal evaluation moment. What has changed for the better when it comes to data protection, what should be improved, what problems do we anticipate? One of the most striking consequences of the GDPR is that the power over personal data is back at the consumer. He remains the owner of his data. Not all companies deal with this as well as they should. Last summer a journalist from the Dutch news paper Volkskrant approached ten companies with the question what was done with their data, and why. He seldom received full answers, if he already received an answer.


The first GDPR fine is a fact

One of the first recipients of a big GDPR AVG fine was (of course) a bank. The Dutch Data Protection Authority issued a € 48,000 fine to InsingerGilissen Bankiers (formerly TGB) because the bank repeatedly refused to show a customer his personal details. My first question is: what kind of awful does that bank put in the client's file? Was it an awkward customer who also came up with impossible questions before the GDPR came into force? Or did the account manager put offensive notes with the personal data? We will probably never know.


Data breach trap

That did come to light when I asked my internet service provider for my personal data is that the way in which this data is sent to the customer requires a lot of improvement. I received a friendly mail with a link to the pdf with my details. Everything was complete. However, sending an e-mail with a document full of privacy-sensitive information that is not protected in any way is, of course, data leakage number one. A mail account is in fact very unsafe. A document containing sensitive information and shared via the mail must always be encrypted and password protected. There is a very good solution for that, and it is not even difficult to implement. Why is this not used by default everywhere?


Storage and processing of personal data

The most obvious reason is that many companies are busy with the internal organization of the storage and processing of personal data. Because there are often several systems that store this data, it is quite a puzzle to arrange everything correctly and according to the GDPR. Many organizations are not used to sharing sensitive data with third parties (or the customer). So they also do not think about how this process can and should be safe. However, the Dutch Data Protection Authority is not a dormant watchdog, and it is indeed capable of distributing big fines. Now that the GDPR has been effective since half a year, it is really time for all companies and agencies to think about how they can safely share online documents. We already have the answer.


Request your PERSONAL DEMO and/or TRIAL by contacting our sales department and get to know FileCap.



By Thomas Calf, account manager at Contec B.V.