How advanced email forwarding can help you stay GDPR-compliant

CodeTwo Exchange Rules Pro is an email signature and email flow manager for Exchange that is packed with many features that can help you process, protect, and monitor personal data exactly as you want. One of these features is advanced email forwarding. You can forward emails to specific recipients based on many different factors, for example:

• whether the message contains specific keywords in its body or subject (such as name, address, date of birth, etc.)
• who is the sender of the message (specific email address, email address included (or not) in your Active Directory, the message comes from outside of your company, etc.)
• whether the message contains (or not) attachments
• type of the message (new email, reply, forward, etc.).

Take a look at the following examples of use for email forwarding feature in relation to the GDPR and see how easy it is to implement automatic and controlled processing of personal data.

Access personal data in a timely manner

The GDPR requires that all matters related to personal data are handled promptly. You also need to know exactly where this data is stored at all times. Therefore, you intend to keep all emails containing personal data, as well as consents and requests pertaining to this type of data, in one place. This will allow you to react swiftly whenever you receive a request to update or delete personal details or need to prove the validity of received consent, etc.

You decided that it would be best to automatically redirect all emails containing consents and personal data to a specific mailbox, accessible only by your Data Protection Officers (DPO) or any person designated to process that type of data. By using CodeTwo Exchange Rules Pro, you can set up a rule that will forward particular emails to such mailbox, i.e. emails sent by users outside of your company that contain specific keywords in the body or subject of the message. Additionally, it is possible to create another condition that will forward all replies to emails sent by your employees in which they are asking for consent to process personal data.

If the conditions are met, you now want the program to forward these messages to a specific mailbox; however, at the same time, you don’t want them to reach the original addressee. To do so, you can use the Forward message action to redirect all messages to a designated mailbox. Next, below the first action you should add another one – Block message. That way, the original addressee will not receive the email with sensitive content.

Forward all sensitive data to Data Protection Officer

You need to make sure that no personal data leaves your organization without your knowledge. For that reason, you intend to forward all emails that could lead to a possible data breach to your DPO. Additionally, you don’t want to allow any message including one or more attachments to leave your company without your knowledge, as these attachments can also contain personal data. Of course, those users who are appointed to process such data should be able to do so without any restrictions.

In CodeTwo Exchange Rules Pro, you can create a rule that applies to messages sent by users within your organization. Since the program comes with many sensitive content dictionaries which can be used to detect certain phrases in emails, it would be a good idea to use one of them as a rule condition to make it possible to detect personal data. You can also modify this dictionary, adding custom words and phrases that are used in your company. All that’s left to do is to add another condition that will apply to emails that have at least one attachment.

Now, you can create an exception to this rule, because you don’t want to forward any such emails sent by your DPO or members of your Data Security group.

On the Actions tab, you need to add two actions: Forward message and Block message. The first one forwards the original message to your DPO to verify if the email can leave your company. The second action blocks the message to prevent a possible data breach.

Prepare for GDPR

Email forwarding can be a very powerful feature when it comes to the GDPR. The number of possible combinations of conditions and exceptions is virtually unlimited. Use this opportunity to tailor email forwarding rules exactly to your requirements. Implementing CodeTwo Exchange Rules Pro to centrally manage the flow of incoming and outgoing emails can help you stay compliant with GDPR.