As a privacy and encryption company, ProtonMail has complied with the GDPR from the start. This article explains how ProtonMail complies and how using our services can contribute to your organization’s security and privacy strategy. For legal advice, it is important to consult with your attorney.
About the GDPR
The General Data Protection Regulation (GDPR) is a European Union privacy law effective May 25, 2018. Any organization that collects, stores, or uses the personal data of EU citizens or residents must comply with the GDPR. Penalties for violations can be as high as 4% of global revenue or €20 million, whichever is higher. Learn more about the GDPR.
ProtonMail encryption satisfies data protection requirements
The GDPR requires organizations to implement one of three measures to protect the personal data in their possession: pseudonymization, anonymization, or encryption. The objective of these techniques is to reduce the potential for harm if personal data were to be breached.
ProtonMail uses end-to-end encryption and zero-access encryption to protect emails at all times. We cannot access users’ encrypted emails because we do not have access to users’ private encryption keys or passwords. These security measures guarantee that messages cannot be read, even if our servers were somehow breached.
If your organization shares or may share personal data via email, then using ProtonMail will ensure your email practices are compliant with the GDPR.
ProtonMail Data Processing Agreement
For organizations using ProtonMail, we provide a Data Processing Agreement, which the GDPR requires for organizations that use third-party services. This agreement establishes the rights and obligations of both parties under the law. You can download our Data Processing Agreement.
ProtonMail Professional is flexible and affordable
We offer ProtonMail Professional, an easy-to-use enterprise solution for organizations with multiple users under their own domain. This ensures that you can benefit from end-to-end encryption and still keep your existing business email address. You can learn more about ProtonMail for businesses here.
If you have specific questions about our service or the GDPR, send us an email.
Full text of the GDPR