Skip to main content

Search the KTH Intranet
Svenska

GDPR & E-mail – what should I keep in mind?

Starting point: Do not send sensitive personal data, privacy sensitive or extra valuable personal data via e-mail.

Printable version of this webpage

Printable version: GDPR & Email – what should I keep in mind? (A4) (pdf 116 kB)

Questions about GDPR?

Contact Dataskyddsombud@kth.se

Be careful about attaching documents containing personal data.
Is there another way than email to distribute this? What’s the purpose and legal basis?
Is the personal data necessary or can it be omitted / anonymized?
The right recipient? Forwarding (fwd), copy (cc:) or blind copy (bcc:)?
Contact details for authorities / companies - OK

Storage

How long will the email be stored? Can it be erased directly? Does data erasure happen?
Inform about the handling, e.g. instruct that the email or list should be deleted.

Sensitive / confidential information

If you get sensitive or confidential personal information e-mailed to you, you may not, for example, forward or reply to the email.
If you need to reply to the sender, do this in a new e-mail message to avoid the information being disseminated.