Data protection, transparency, traceability and integrity:
Modern solutions for email, Electronic Signature and compliance.
Data protection and compliance
Until now, many data protection breaches were not punishable and were often ignored. This will probably change with the entry into force of the General Data Protection Regulation, which carries severe penalties of up to €20 million or 4% of global sales.
Email as the transport medium of information and data of any kind is particularly concerned by the GDPR. Most business emails are written and sent by employees, and human errors could seriously affect your company!
We can assist you with the implementation and accomplishment of data protection tasks.
RMail provides compliance with the following standards:
- GDPR - EU General Data Protection Regulation
- BDSG - Federal Data Protection Act
- HIPAA - Health Insurance Portability and Accountability Act
- FSA - Financial Services Authority
- GLB - Gramm–Leach–Bliley Act
- SOX - Sarbanes-Oxley Act
- CFPB - Consumer Financial Protection Bureau
Imposter Protection (CEO Fraud)
Many people blindly trust an email and execute instructions promptly. Bad guys take advantage of this and send, for example, emails under the real name of the financial director to the finance department with payment instructions. These payments are often executed.
RMail Anti Whaling provides an additional security layer by tracking and analyzing the header information and the path of incoming emails and, if needed, by suggesting that the employee verify the information by calling the sender. It could be that ...
Encryption with proof (Compliance Record)
Encryption can only protect data if it is actually used. RMail offers a positive user experience, in particular since no provisions are necessary on the recipient side.
RMail offers two encryption methods:
- TLS - Transport Layer Security: Network-based encryption. Can be configured to enforce TLS. If this operation fails, the SecurePDF (PDF Wrapper) method is automatically applied.
- SecurePDF: A 256-bit AES encrypted PDF wrapper that contains your messages including all attachments. To open the SecurePDF, the recipient only needs a PDF reader and a password.
Compliance and compliance record
With each message, RMail delivers a Registered Receipt, which proves the encrypted delivery of your message and demonstrates compliance with the statutory data protection requirements, whether GDPR or HIPAA. This Registered Receipt can be authenticated at any time. You are protected in the event of a data breach, because you can prove that the data breach may have occurred only after your message arrived at the recipient!
Prevention of human error
RMail supports your organisation in data protection and helps to reduce human error. Extensive functions support your organisation:
- Imposter protection (CEO fraud)
- Encryption complemented with Corporate Filter Policies (based on the content of messages or fixed rules)
- LargeMail: transmission of attachments up to 10 GByte. Your employees do not need to use private file share accounts etc. (often common practice in many companies)
Highest recipient acceptance
Many encryption solutions simply fail at the recipient and are therefore not widely used despite high security. There are some examples of this in the past:
- Secure, but too complicated for many users (especially in B2C): Public Key Exchange or Public Key Infrastructure. PKI solutions as well as S/MIME in conjunction with Microsoft Outlook provide a very secure crypto system, but at the same time, users face major hurdles. In companies, the IT department handles the management of certificates and keys (expiration date, key exchange, etc.), but most end users fail here. Moreover, many mobile solutions for email support this infrastructure only partially or not at all (anymore). RMail itself takes advantage of a PKI infrastructure for some of the services, but makes these operations transparent to the sender and recipient, so that they are not burdened with the details.
- Store and Forward Systems can be the gateway for phishing attacks or man-in-the-middle attacks. At the same time, Store and Forward Systems are highly suspect to many recipients: clicking on links or opening an account just to read an email is frustrating. In particular, if a communication exchange takes place only rarely, many recipients forget their passwords. At the same time, storing sensitive data requires appropriate cloud systems!
- Avoiding any unnecessary hurdles on the recipient side was a focus while designing the RMail system. The encryption interoperates easily with all email clients on the recipient side and offers audit-proof GDPR evidence with its Compliance Record. RMail delivers the (encrypted) messages directly to the recipient (True Direct Delivery), and the messages can be received, opened and read with any email client just like any other email.
«RMail is easy to integrate, provides state-of-the-art technology, and meets the requirements of the GDPR for the transfer of personal data. Recipient acceptance and the simplicity in communicating with third parties have convinced us, so RMail is extensively used in our company.»
- Kemal Webersohn, CEO WS-Datenschutz GmbH
The "paperless office" is gradually becoming reality. Due to the changes in our working world - primarily due to the growing mobility of work - new tools and solutions are needed.
With eSignOff by RMail you can transparently demonstrate each step of the digital signing process. This concerns both the content of the documents at the time of signing as well as the signing by the respective parties themselves. The eSignOff Record, embedded in the signed document as a receipt of delivery, enables a comprehensible reproduction of who signed what at what moment.
eSignOff offers several possibilities:
- traceable evidence of agreements
- eSignOff by email: You send your attachments (PDF or MS Office documents) to the recipient(s) via eSignOff. Once the acceptance of the attachments has been confirmed, they will be digitally signed together with an eSign Record and delivered to the parties.
- eSignOff by hand: This service provides an elegant way to have documents (PDF or MS Office) signed in the browser. Subsequently, the documents are digitally signed and delivered to the parties including an eSign Record.
Once all signatures have been submitted, the system digitally signs the document and sends it to all parties.
For the integration of RMail into corporate systems several options are available. In addition to an API for the connection, the use of Domain Extensions and Subject Line Instructions is the most elegant way:
Advantages of Domain Extensions:
- The RMail service requires no additional hardware installation at the customer site (gateways etc.)
- Does not require any additional changes within existing security concepts
- The pure automation process does not change any existing business processes in customer processing
- Automation is done by adding a domain extension at the end of the existing recipient addresses
- The return address remains unchanged
- Customers can use their existing email address. They do not need to create a user account, click on links or pass an identity verification.
- No additional setup costs for Domain Extension automation.
- RMail retains none of the transmitted information (True Direct Delivery)
- Encryption supplemented with Corporate Filter Policies (based on the content of the messages or fixed rules)
You can use the so-called Subject Line Instructions to give the messages instructions on how to process the email and the attachments. The domain extension and the subject line instructions are removed during processing on the RMail server.