NOTE. It is your responsibility as the data controller to make sure that you process customer data responsibly. Bricksite recommends that you familiarize yourself thoroughly with the concepts in this guide.

What Am I Allowed To Do?

You may be able to, but are you allowed to send personal data in an email? Of course you are. You just have to ensure:

That you notify your customers, i.e. in the website's Privacy Policy*.

Pay special attention to the fact that sensitive personal data requires a dual legal basis. This means that in addition to writing it in your privacy policy, you must also ask for express consent from your users.

That you process data securely - familiarize yourself thoroughly with this guide.

It is a requirement from the European Data Protection Authority that you use transport encryption, at minimum TLS 1.2, whenever you send personal data through email. Fortunately, you get this by default at Bricksite.

The requirements for Secure Mail can be found at sikkerdigital.dk.

* From the Data Protection Regulation Art. 9 (1) 10. Sensitive personal data are: racial or ethnic origin, political, religious or philosophical beliefs or trade union affiliation, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, health information or information about a natural person's sex life or sexual orientation ... Criminal convictions and offenses ...

Two-Factor Verification (2FA).

Make sure to enable two-factor verification (2FA) on your email account. This makes it very difficult for hackers to gain access to your emails.

Encryption.

When the Data Protection Agencies mention encryption, they are talking about several different things. The first is called transport encryption and the second content encryption. If you encrypt with both methods at the same time, we are talking about double encryption. In addition, you can also sign your emails with a digital signature (such as MitID) so the recipient knows that you, the sender, are a real and legitimate person, because the signature cannot be forged.

When you send an email, it is sent over an internet connection that anyone can monitor. Transport encryption means that you put the email in a digitally sealed envelope that no one but you and the receiver can open. In addition, there is content encryption. As the name suggests, the actual contents inside the envelope are written in a secret code that only the recipient understands. You thus achieve the greatest protection, but also the most hassle, by doing both things at the same time.

Bricksite's email solution supports transport encryption by default. In fact, we have disabled many of the old insecure standards in our mail solution so that you do not get a false sense of security when sending emails. However, this also means that you cannot use Bricksite's email solution with old email applications that are not up to date with the latest security standards. We have chosen this because we want to make your work as easy as possible without compromising your security. This way you can be sure that the connection between you and our systems is encrypted; and if the connection is not secure, your mail program will warn you and refuse to send the email.

Transport Encryption.

If you use our Webmail you do not need to do anything.

If you use an email application, make sure to enter Incoming Server Port 993 and Outgoing Server Port 465 in the mail setup, and remember to check the option SSL/TLS. Our system will do the rest.

Content Encryption.

Content encryption is a bit more cumbersome — for you and the recipient of the email. However, it may be necessary if you send sensitive or confidential personal data (including social security numbers and health data). The easiest method is simply to send password-protected PDF files.

Write your message in a word processor.

Choose Save As or Export as PDF, save the file as a PDF, and set a password.

Attach the file to your email and send it.

The password for the PDF file is handed to the customer separately.

Never include the password in the same email; send it separately by SMS or phone call, or hand it over in person in a sealed envelope. Never use identifying information or sensitive personal data as the password; this includes the customer's birthday and social security number.

Digital Signing.

There are a number of methods to digitally sign your emails, such as OpenPGP, but they can be challenging to use, and at the moment it will often not make much of a difference to the recipient. There is rapid technological progress in this field right now, so something more user-friendly may come about within the next few years.

Privacy Policy.

Remember to insert a checkbox in your contact form that the user must tick to confirm they have read your privacy policy before they can send a message.

Security Specification (Advanced).

Our new mail solution supports TLS 1.0–1.2 and STARTTLS (note: the older versions TLS 1.0–1.1 will be phased out soon).
SSLv3 and below are disabled.
SPF is set up by default on your mail solution with us.
DKIM and DMARC are possible, but must be set up manually by you.
Ask for DNSSEC activation at customer service.
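As an added example (not Bricksite's own code), this is how a mail client could apply the settings from the Transport Encryption section and this specification: IMAP on port 993, SMTP on port 465, SSL/TLS with TLS 1.2 as the minimum, so that anything older is refused before personal data is sent. The host name is a placeholder assumption.

```python
"""Connect to a mail server the way this guide specifies: incoming IMAP on
port 993, outgoing SMTP on port 465, implicit SSL/TLS, TLS 1.2 minimum.
Added example for this guide; the host name is a placeholder assumption."""
import imaplib
import smtplib
import ssl

IMAP_PORT = 993   # incoming server port from the guide
SMTP_PORT = 465   # outgoing server port from the guide


def tls_version_status(version: str) -> str:
    """Classify a negotiated protocol string (as SSLSocket.version() returns it)
    according to the spec above: SSLv3 and below are disabled, TLS 1.0-1.1 are
    being phased out, TLS 1.2 (or newer) is the required minimum."""
    if version in ("TLSv1.3", "TLSv1.2"):
        return "ok"
    if version in ("TLSv1.1", "TLSv1"):
        return "deprecated"
    return "disabled"


def mail_tls_context() -> ssl.SSLContext:
    """Client context: CA verification and host-name check stay on,
    and the handshake fails rather than falling back below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def open_imap(host: str) -> imaplib.IMAP4_SSL:
    """Incoming connection; raises ssl.SSLError if TLS 1.2+ cannot be negotiated."""
    return imaplib.IMAP4_SSL(host, IMAP_PORT, ssl_context=mail_tls_context())


def open_smtp(host: str) -> smtplib.SMTP_SSL:
    """Outgoing connection with the same policy."""
    return smtplib.SMTP_SSL(host, SMTP_PORT, context=mail_tls_context())


def negotiated_version(conn) -> str:
    """What was actually negotiated; worth logging before sending personal data."""
    return conn.sock.version()  # both IMAP4_SSL and SMTP_SSL expose the SSLSocket


if __name__ == "__main__":
    HOST = "mail.example.invalid"  # placeholder: replace with your mail host
    with open_smtp(HOST) as smtp:
        v = negotiated_version(smtp)
        print(f"SMTP over {v}: {tls_version_status(v)}")
```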