State of the art

Creating and processing e-mails in a data protection-compliant manner is now essential. Currently, e-mails and their content are sent in transport-encrypted form (TLS) from the e-mail sender (client) to an e-mail recipient (client) via an e-mail server. The path from and to the server is encrypted. On the e-mail server, however, the e-mail can be read by all authorized persons, including the operator of the server.

This is the crux of the matter: the e-mail is not encrypted end to end and can therefore be viewed by third parties.

Create and edit e-mails in compliance with data protection regulations

There are encryption methods that must be used on both sides, such as PGP. The content of the e-mail is encrypted by the sender with the recipient's public certificate. Only the recipient, who holds the matching private key, can decrypt the e-mail again.

Very few have such procedures in place, which makes the process impractical. The solution is to send documents in password-encrypted ZIP files or as PDFs that are password-protected and encrypted.

In the mail text, which remains readable, there must be no personal data other than the salutation.

The password is then communicated to the other party verbally or via a second channel such as SMS.
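
A pre-send check for the password-encrypted ZIP approach described above, as an added example that is not part of the original page: it reads the archive's directory, confirms that every file is actually encrypted, and lists the entry names, which a ZIP archive stores in clear text and which therefore fall under the same rule as the mail text. The function names, the constructed sample archive and the policy of accepting only AES entries (WinZip method 99) rather than legacy ZipCrypto entries are assumptions of this example.

```python
import io
import zipfile

ENCRYPTED_FLAG = 0x1   # general-purpose flag bit 0: entry is encrypted
WINZIP_AES = 99        # compression method ID used by WinZip AES entries


def audit_zip(data: bytes) -> dict:
    """Classify each entry of a ZIP archive before it is attached to a mail."""
    report = {"unencrypted": [], "legacy": [], "aes": [], "visible_names": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Entry names stay readable even when the file content is encrypted.
            report["visible_names"].append(info.filename)
            if info.is_dir():
                continue
            if not info.flag_bits & ENCRYPTED_FLAG:
                report["unencrypted"].append(info.filename)
            elif info.compress_type == WINZIP_AES:
                report["aes"].append(info.filename)
            else:
                # Encrypted flag set without the AES method: traditional ZipCrypto.
                report["legacy"].append(info.filename)
    return report


def safe_to_send(data: bytes) -> bool:
    """True only if the archive contains files and every one is AES-encrypted."""
    r = audit_zip(data)
    return bool(r["aes"]) and not r["unencrypted"] and not r["legacy"]


def build_sample_zip() -> bytes:
    """Constructed sample: an archive that was created WITHOUT a password."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("contract.pdf", b"%PDF-1.7 constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    print(audit_zip(sample))
    print("safe to send:", safe_to_send(sample))
```

Because the entry names remain visible, a file name that contains a person's name or a case number discloses it regardless of the password.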

