In times of phishing attacks and spam, protecting email communication is more important than ever. DMARC (Domain-based Message Authentication, Reporting & Conformance) is a protocol that helps to verify the identity of the sender of emails, thereby preventing spoofing, phishing and other attacks that severely damage trust in a brand or company.
DMARC reports are sent to domain owners as a detailed feedback mechanism that provides valuable information on how emails are handled by the various email providers. But how does this align with the General Data Protection Regulation (GDPR) and other legal requirements? In our legal opinion on the compatibility of DMARC with the GDPR, we take a comprehensive look at this question and provide practical tips for the legally compliant implementation of DMARC.
Dr Katharina KĂŒchler (eco) and Patrick Ben Koetter (sys4 AG) explore over 14 pages whether and under what circumstances one or the other form of the DMARC report is legally permissible against the background of the principle of data minimisation and the protection of personal data. Under what conditions is the collection, processing, sending and receiving of such reports permitted? The result: The implementation of DMARC is compatible with the GDPR with some limitations, which can be read in detail in the free legal opinion.
You can now download the legal opinion on the compatibility of DMARC with the GDPR and other legal regulations by the eco Email Competence Group / CSA.