Data protection is becoming increasingly important in the modern working world. The decision of the Suhl Labor Court (case number 6 Ca 704/23) underlines the need to protect sensitive information appropriately. A key aspect of this is the encryption of emails, which not only meets legal requirements but also ensures the integrity and confidentiality of data.
The initial case: An email without encryption
In December 2023, the Suhl Labor Court had to rule on a case in which an employee claimed compensation under data protection law. He had contacted his employer with a request for information under data protection law. The employer had also provided him with information and sent the stored personal data to the employee via an unencrypted email. The employee considered this to be non-material damage and a breach of the General Data Protection Regulation (GDPR).
The decision of the labor court
In this case, the protection of personal data plays a crucial role. Employee data transmitted via unencrypted emails is easily the target of cyberattacks or unauthorized access. In its decision, the Suhl Labor Court makes it clear that companies are obliged to take adequate measures to ensure the privacy and security of their employees.
The encryption of e-mails
Email encryption is a proven means of minimizing the risks of data transmission. One of the simplest methods is the use of end-to-end encryption. Here, the data is encrypted on the sender's end device and decrypted on the recipient's end device. Even in the event of a potential data leak, the content remains unreadable for unauthorized persons.
Companies can rely on proven technologies to easily implement email encryption. Various email clients offer integrated encryption functions that can be activated with just a few clicks. External services such as Pretty Good Privacy (PGP) or S/MIME are also available to ensure secure communication.
What companies still need to do
It is crucial that companies not only implement technical measures, but also sensitize their employees. Trainings on the requirements of the GDPR and secure communication in the digital space are essential to raise awareness of data protection. This helps to ensure that the encryption of emails is not just seen as a chore, but as an indispensable contribution to data protection.
Overall, the decision of the Suhl Labor Court shows that the protection of personal data should not be neglected. The implementation of email encryption is not only a legal obligation, but also an active contribution to the protection of privacy and data security in the digital age.
Do you need support with the implementation of data protection obligations or other questions relating to data protection? Our team of experts will be happy to assist you. Please contact us here!