Take good care of your emails or risk huge fines

It seems like such a long time ago that we were all wondering how the General Data Protection Regulation (GDPR) would impact our businesses and it’s easy to imagine that the problem has now gone away, but ignore it, and you could be making an expensive mistake.

Take good care of your emails or risk huge fines

Many of the fines are related to poor handling of customer data and these fines are often large. Take these companies for example:

Some are for unsolicited marketing. For instance:

Others are where staff have either disclosed personal information or tried to destroy data.

Interestingly the Information Commissioner’s Office is pursuing the Metropolitan Police Service* for their failure to comply with subject access requests. These breaches are more common and it is requests like these that can sometimes cripple a business.

What is a Subject Access Request?

Under GDPR, individuals have the right to access the data that companies hold about them and there are plenty of websites providing advice on this. Some offer example wording that can be used when making your request, for example:

In relation to emails, you may limit the search to emails between [NAMES] during the period [DATES]. However, in relation to [SUBJECT MATTER] please ask [NAMES] whether any of them is aware of others who are likely to have exchanged emails containing personal data relating to me. If so, please let me know who those others are and search the emails of anyone that any of them identifies as well as those individuals mentioned above.

The person making the request would typically be someone who applied for a job or an ex-employee, but it could be anyone that your business has communicated with. In either case, you normally have a month to comply**.

Finding those messages

Have a good read of the sample request above. It is not just asking for the messages that meet limited criteria, it is open to anyone in the business who might have exchanged emails containing that person’s personal data. You can’t just ask your staff to take a peek in their own email as they may not be thorough, and what are you going to do if people are off sick, on holiday or have left the business? Just gaining access to the email accounts could be an issue too.

If your data is structured, it is easy

Our AEC email management software Excitech Mail is not promoted as a tool to solve GDPR matters. Indeed its main usage is in the day-to-day filing of messages so that staff can easily locate messages relating to projects, legal matters, clients, etc. It creates structure where previously there was chaos.

In this situation, it can be a lifesaver because you can use its fast search to find messages even when your search terms are vague. For example, let’s imagine that the individual had applied for a job and his/her mobile phone number had been passed to selected colleagues via email. Simply enter the phone number in the search tool and ALL instances of it, regardless of who sent or received it, are found in less than a second.

For the price of a couple of coffees per month, you can not only have the peace of mind that a data request is not going to cause you to miss a heart beat, but you also have all of your project emails filed with the projects and not scattered in personal inboxes, so if you at any point in time want to see what correspondence has been had with a client, it’s all there instantly. More importantly, if there is a query or worse still, a claim later on, you can once again get the full communication history in an instant.

For more information on our AEC email management software Excitech Mail and a free 30-day trial, click here



** https://ico.org.uk/your-data-matters/your-right-to-get-copies-of-your-data/what-to-expect-after-making-a-subject-access-request/#:~:text=Frequently%20asked%20questions-,How%20long%20does%20an%20organisation%20have%20to%20respond%3F,extra%20two%20months%20to%20respond.have%2520to%2520respond%253F%2Cextra%2520two%2520months%2520to%2520respond.&aqs=chrome.0.69i59.2742j0j9&sourceid=chrome&ie=UTF-8





Vulnerability Management

18 June 2024

To ensure that your network and endpoints are secure, you need to ensure that vulnerabilities are patched, and devices configured to ensure that the risk of a threat is lowered.

Learn more