Poland’s data protection authority, the UODO, offers guidance on email monitoring in the workplace:

  • The employer may introduce monitoring of the employee’s e-mail when it is necessary in the employer’s opinion to ensure work organization that allows full use of working time and proper use of the work tools provided to the employee.
  • The monitoring

Per the German DSK (the Conference of Independent German Federal and State Data Protection Supervisory Authorities), emails need to be encrypted in order to meet the minimum requirements of Article 32 of the General Data Protection Regulation (GDPR).

This means:
  • TLS (transport layer encryption) at minimum
  • Additional measures like end-to-end encryption and qualified transport encryption

Beware the unsolicited email.

UK ICO fines a pensions company £40,000 for sending nearly two million direct marketing emails without consent.

Points to note:

  • You can’t generally send marketing emails without receiving the consent of the recipient.
  • Even if you use a third party mailer, it is your responsibility to ensure consent has been duly