Since January 1st the Danish Data Protection Agency (DDPA) has introduced a law that requires organizations in the private sector to use encryption for email when transmitting confidential or sensitive personal data. The rule was first announced on July 23rd, 2018, as part of the DDPA´s interpretation of the European GDPR.

The introduction of this law means that private companies are now obliged to encrypt sensitive and confidential personal data in accordance with the GDPR. The confidential data concerns individuals ethnicity, political and religious beliefs, memberships, sexuality, fingerprints, social security number and information covered by a duty of confidentiality.


To not comply with the new law could lead to serious fines. Fines like these are costly and unnecessary when considering that the steps you need to take to prevent them can be quite simple. Another big consequence of a data leak is, of course, the loss of reputation. If consumers hear about a company having a data leak they are most certainly going to be very reluctant to engage with that company.

Regardless of fines, it’s important to have secure communication channels. And being proactive in your data protection measures, rather than reactive when it’s already too late and your data is in the wrong hands.

Route ahead

What’s important for companies now, not only in Denmark but Europe in general, is to carry out a risk assessment regarding the processing and storing of different data of varying category. The first part of the risk assessment is a survey that maps all the risks associated with the data the organization is handling, and categorization for that data, with a scoring system that maps probability and severity in terms of data leaks.

Once that part of the assessment is done the organization can move on to assessing the appropriate measures that will ensure data security and thereby compliance with the new regulations.

As an organization its important that you take the necessary steps, not only ensure that you are within the regulations, but also just for the sake of securing the confidential data you process.

Some recommendations

Jesper Lund, chairman of the nonprofit IT-Political Association of Denmark, told Bloomberg Law July 24. “I would expect Danish private companies to look at similar semi-closed webmail-like systems as the only realistic option for complying with the new DPA requirements,”

“Rather than having every company develop its own closed secure email system, I would expect IT companies to market systems that can be used by Danish citizens for communicating with all companies that subscribe to the system.”

Sending and receiving confidential data securely

Ensuring data security means, in almost all cases, to adopt a secure communication and data protection system. The important thing here is that the systems have the quality of protecting the data regardless of the recipients level of security. Meaning that the data should be encrypted and therefore secure by just the sender having a secure emailing system in place. Some key points to focus on if you are planning on adopting such a system for your organization is ensuring end-to-end encryption, TLS network connection, as well as software that protects against human errors which accounts for somewhere between 50% to 80% of data leaks depending on the country. Functionalities that assist you with the doublechecking of the recipient and email content, as well as the ability to block attachments after sending. These functionalities can come in very handy, and sometimes be crucial in preventing data leaks.

We at SmartLockr work to help organizations meet the regulations that came with the GDPR of 2018. Ensuring data and email security across the workforce, as well as secure communication and transmission of data with external partners and customers.

If you want to see how easy it is to use our secure mailing via a demo or trial you can click here, you can also find more information about SmartLockr secure mailing on our website.

Subscribe for more articles