How Microsoft doesn’t help with GDPR compliance

By: Mark Pattison
Categories: IT SERVICES

Getting Outlook to help with GDPR compliance

One of the constant issues we see is people sending out emails that are addressed to multiple recipients. And the addresses of all those recipients are visible to everyone who gets a copy of the email. Now, unless they have the explicit permission of everybody involved, they have just driven a coach and horses through the laws surrounding privacy, generally referred to as GDPR. And yes, it is the law. And yes, they could get fined. So, a bit of explanation, then on to Microsoft’s unhelpfulness.

Standard office email form

When you compose an email there’s the “To” field – self-explanatory. Then there’s the “CC” field. This stands for “Carbon Copy” and harks back to the days of the typewriter. Everybody in the “CC” field gets a copy of the email. But, crucially, they also get to see all the people in the “To” field and the “CC” field. Which is really not good when doing a mass email. To get around this there is also the “BCC” field. This stands for “Blind Carbon Copy”. Everybody in the “BCC” field still gets a copy of the email. But, crucially, none of the recipients get to see who else was on the list. This is what you MUST use – unless you have good reason for letting everyone know who else got the mail.

The reason Microsoft doesn’t help here is that, when you start a new email in Outlook (the most popular business email client), the “BCC” is hidden by default, discouraging people from using it. The fix is easy:

  1. Open Outlook & create a new email
  2. At the top click “Options”
  3. Click the icon “Bcc”
  4. Close the email

You’ll now have the “BCC” option on all future emails!

BCC field enabled
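For anyone sending mass emails from a script rather than from Outlook, the same To/CC versus BCC distinction can be checked in code. This is an added example, not part of the original article: it lists the addresses every recipient would see in a message and shows a mailing built so the recipient list travels only in the SMTP envelope. The sample message, the addresses and the threshold of 3 are constructed assumptions.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample: a mass mailing sent the wrong way, with everyone in To/Cc.
SAMPLE_OPEN = (
    "From: news@example.com\n"
    "To: alice@example.org, Bob <bob@example.net>\n"
    "Cc: carol@example.org, dave@example.net\n"
    "Subject: Spring offers\n"
    "\n"
    "Hello all\n"
)

EXPOSURE_LIMIT = 3  # assumed threshold; pick one that suits your own mailings


def exposed_addresses(msg):
    """Addresses every recipient can read: those in the To and Cc headers."""
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    return sorted({addr.lower() for _, addr in getaddresses(headers) if addr})


def is_mass_exposure(msg, limit=EXPOSURE_LIMIT):
    """True when more addresses are visible to all than the limit allows."""
    return len(exposed_addresses(msg)) > limit


def build_blind_mailing(sender, recipients, subject, body):
    """Build a message whose recipients travel only in the SMTP envelope.

    Returns (message, envelope_recipients). The list is what you would pass as
    to_addrs to smtplib.SMTP.send_message(); it never appears in the headers.
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender  # the only address readers will see
    msg["Subject"] = subject
    msg.set_content(body)
    return msg, list(recipients)


if __name__ == "__main__":
    bad = message_from_string(SAMPLE_OPEN)
    print("exposed:", exposed_addresses(bad), "flag:", is_mass_exposure(bad))
    good, envelope = build_blind_mailing(
        "news@example.com", exposed_addresses(bad), "Spring offers", "Hello all\n")
    print("exposed:", exposed_addresses(good), "envelope:", len(envelope))
```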

If you are interested in getting your email secure & compliant, have a look at our offerings in this area.
