Do you send any emails like these?
- payslips to employees?
- personal data, such as therapist reports, to clients?
- any other personal data to anyone?
Did you know that GDPR requires you to encrypt such emails to send them securely?
Don’t worry, here’s an easy solution.
GDPR, the new General Data Protection Regulation, was introduced in the UK in May 2018. The legislation puts great emphasis on personal and sensitive data security. As business owners, we need to take precautions to ensure that we’re adhering to the requirements. One of these requirements is the need to ensure we email sensitive data in an encrypted form to stop that data from falling into the wrong hands.
What’s In This Post
- Complicated way to encrypt your emails
- One man’s tale of woe, leading to…
- Simple way to encrypt emails
The Complicated Way
Email systems such as Outlook, Thunderbird, Gmail or similar can send and receive encrypted emails. They require both sender and receiver to have a digital ID, also known as a Digital Certificate.
You can download a Digital Certificate free from a “trusted authority”, such as Comodo, for example. Comodo is based in the US, so you might prefer to use a UK company like Quo Vadis, though their service doesn’t seem free.
You then have to install it in your email client. Your employees must download and install their certificates to receive payslips. Your therapy clients, your head-hunter clients, your personal trainer clients … all must download and install a digital certificate before they can receive your private emails.
Here are the encryption help pages from Microsoft, Thunderbird and Gmail. Outlook 2007 is the oldest version Microsoft supports. Thunderbird is Open Source and there’s no licence fee, and Gmail is Google, so their users don’t usually have out-of-date versions.
It’s all a bit scary for those not very happy with the jargon and the process.
Remember, every person in your organisation, or your client base, who sends or receives payslips, treatment plans, or any other personal data as defined under GDPR, must do this.
A Tale of Woe
On the other hand, for me, a problem turned into an opportunity.
I use Outlook 2007. Installing my digital ID looked straightforward, so I downloaded my certificate and followed Microsoft’s instructions to install it.
Sadly, it didn’t go well. The process ended abruptly with an Outlook error message saying my .pst file is corrupt and the certificate could not be installed.
So, how do you un-corrupt a corrupt .pst file? I wasted a lot of time:
- searched the Internet for how to fix it
- restored first one backup, then another, then the latest version again as they didn’t work
- unloaded the .pst file to Excel and loaded it back again
All to no avail.
However, during my research I discovered Tutanota…
The Simple Way
Only email senders need an account, which for a small business like ours, means one person. We just send payslips this way, nothing else. Many consultants and therapists are sole traders, so they’d need only one account, too.
Recipients use their normal email client, plus a web browser. Nobody needs a digital certificate.
Sending secure emails is simple, once you’ve set up your Tutanota account:
- log in to your Tutanota account
- type your first encrypted email, add your attachment, and:
- invent a password for the recipient to use
- send the password using SMS or your usual (unencrypted) email
- Tutanota stores recipient, with password, in your address book
- recipient receives the email at their usual email address, containing a link to Tutanota’s secure website
- clicks the link, then uses the password to read the mail and download attachments
Tutanota remembers each recipient’s password in your address book, so you don’t need to think of a new password every time. After the first email, of course, recipients’ password managers handle the logging in, so subsequent communications are simple.
I expect Chamber members would be interested to hear other people’s experiences with encrypted emails.
About the Author
Mark Fielden works for BlueTree Website Design, who made and manage the websites of some well-known Portishead companies, as well as many further-away businesses and lesser-known ones around the town. They also like to help local sole traders and new start-ups on their digital marketing journeys.