Hi, I've just had a call from an IT client. He has asked many questions regarding encryption of emails for GDPR compliance. I'm sure this applies to many people and I can't find a definitive answer.
If a website has https, the web visitor enters their data, it's encrypted and sent via PHP to EXIM/Dovecot and into the user's inbox, where they then use an email client to read it (SSL on).
1 - The email logs store IP addresses, which are identifiable info. I said that GDPR does not say we can't store data, only that there needs to be transparency about how long for.
More importantly...
2 - The emails are stored unencrypted in the user's mail folder. My client asked if his account was compromised, could the hacker read the emails, i.e. could they upload the mail folder to another server and read all the emails (with a permission change)?
I pointed out that the way EXIM works is not going to change overnight because of GDPR and that we cannot change open source software which is built into Cpanel to make it GDPR compliant; we can only highlight this with our software providers, who are also responsible, i.e. Cpanel.
3 - If data is stored in a mysql database, are you encrypting my database?
My answer - We supply mysql as part of your hosting package, mysql is again open source software, we supply the "service".
But, he said, you are responsible for the data as a data processor. You should be encrypting my database and emails to be compliant.
4 - Are all backups in the EU? Luckily we do have all backups locally or in the EU. He didn't raise the question of encrypted backups, but I'm sure this one will come soon!
Again, yes, we are the data processors but can't encrypt if the tools we have do not give us that functionality.
It seems hosting companies are being loaded with all this, but the tools to meet the obligations are not actually available if you use Cpanel? Or are the obligations being over-emphasised because the customers are passing the buck?
We do all we can do with the tools we have and are very vigilant on security; we already do so much the customers don't care to pay for. No one cares about backups until they lose their sites. They don't actually want to pay for anything extra, i.e. hourly backups, but then demand that the backups are encrypted.
I'm sure this is sending everyone into a twist. Comments appreciated!