Is Proton Mail GDPR compliant?
As a privacy and encryption company, Proton Mail has complied with the GDPR from the start. This article explains how Proton Mail complies and how using our services can contribute to your organization’s security and privacy strategy. For legal advice, it is important to consult with your attorney.
About the GDPR
The General Data Protection Regulation (GDPR)(new window) is a European Union privacy law effective May 25, 2018. Any organization that collects, stores, or uses the personal data of EU citizens or residents must comply with the GDPR. Penalties for violations(new window) can be as high as 4% of global revenue or €20 million, whichever is higher. Learn more about how Proton Mail complies with the GDPR(new window). You can also read our GDPR overview(new window) on GDPR.eu, a resource website operated by Proton Mail and supported in part by the Horizon 2020(new window) Framework Programme of the European Union.
Proton Mail encryption satisfies data protection requirements
The GDPR requires organizations to implement technical measures(new window) to protect the personal data in their possession: pseudonymization, anonymization, or encryption. The objective of these techniques is to reduce the potential for harm if personal data were to be breached.
Proton Mail uses end-to-end encryption(new window) and zero-access encryption(new window) to protect emails at all times. We cannot access users’ encrypted emails because we do not have access to users’ private encryption keys or passwords. These security measures guarantee that messages cannot be read, even if our servers were somehow breached.
If your organization shares or may share personal data via email, then using Proton Mail will ensure your email practices are compliant with the GDPR.
Proton Mail data processing agreement
For organizations using Proton Mail, we provide a data processing agreement(new window), which the GDPR requires for organizations that use third-party services. This agreement establishes the rights and obligations of both parties under the law.
Download our data processing agreement(new window)
Proton for Business plans are flexible and affordable
We offer a range of Proton for Business plans(new window) that offer easy-to-use enterprise solutions for organizations with multiple users under your own domain. These ensure that you can benefit from both end-to-end encryption and still keep your existing business email address.
Learn more about Proton’s secure business email(new window)
If you have specific questions about our service or the GDPR, send us an email.
Further resources:
Full text of the GDPR(new window)
GDPR checklist(new window)