There are risks associated with sending information via e-mail. So do you want to send personal data via e-mail? For example, data about your customers, citizens or other relations? Then, as an organization, you are responsible for ensuring that you send that data securely.
You must take measures for e-mail to prevent unauthorized access to the information. The law does not specify exactly what measures you must take. It does say that they must be appropriate. We give you two examples of appropriate measures below.
1. Encrypting personal data in an e-mail attachment.
2. Encrypting e-mail traffic between mail servers with one or more modern Internet standard(s). Examples of modern Internet standards include DANE, DKIM, PGP, S/MIME, SPF and STARTTLS.
More information on secure Internet standards can be found in the fact sheets below, from the National Cyber Security Center (NCSC):
