Data Privacy Compliance in the Cloud
Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

Mandatory e-mail encryption from January 1st 2019 in Denmark


The new practice of the Danish Data Protection Agency requires all work related e-mails containing personal data is to be encoded according to the GDPR.

The new regulations mainly affect private operators, as similar rules already exist for public authorities. This means that companies, associations, foundations and all other non-public actors working with data will have to establish new encryption methods.

The obligation to encrypt relates exclusively to sensitive and confidential personal data in accordance with the GDPR-defined term, which includes ethnicity, political and religious beliefs, memberships, sexuality, fingerprints, social security number and information covered by a duty of confidentiality.

A concrete assessment of whether the data in question is "sensitive and confidential" is mandatory. Thus, each case must always be considered individually. Therefore, it is recommended that companies establish a minimum standard that takes the industry and type of information within the company into account. The type of encryption and data security requirements demanded by the Data Protection Agency must be complied with. In the private sector, the so-called TLS system must be used as a minimum. This system protects the data during the transportation between sender and receiver. Please note that the strength of the security protection must correspond to the magnitude of the concrete security risk at hand.


Article provided by: Dr. Claas Thöle (NJORD Law Denmark)


Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project

Director CPC project: Dr. Tobias Hö



53 lawyers from 33 countries are contributing to the project “Cloud Privacy Check (CPC)” in 26 different languages.

Understanding the complexity of current European data protection laws and regulations is already difficult enough for an IT engineer, buyer, or business user. In combination with the often small but nevertheless significant differences between various EU member states, however, it can become an almost insurmountable challenge without proper juristic accompaniment from the very start... Read More



The CPC is a trusted, not-for-profit international network of qualified professionals who deliver simplified and straight-forward guidance to help navigate the legal and regulatory environment relating to privacy and the cloud. This is done through collective know-how, research and market analysis gained from pan-European industry activity, collaboration and experience. Our mission is to provide authoritative views, information and practical solutions to two principal stakeholders: industry professionals and public authorities.