Use Case
GDPR Email Security Check
UK GDPR requires appropriate technical security measures for personal data. Check whether your email infrastructure meets UK GDPR Article 32 requirements — DMARC, DKIM, SPF, and TLS — free.
Run GDPR email check →What's Checked
- UK GDPR Article 32 technical control assessment
- Email encryption (TLS) in transit check
- DMARC, SPF, DKIM configuration review
- Email spoofing risk (data breach risk factor)
- TLS/SSL grade on all internet-facing services
- HTTP security headers check
- ICO-relevant issue identification
- Documentation support for compliance evidence
Common Questions
- Does UK GDPR require DMARC?
- UK GDPR Article 32 requires "appropriate technical and organisational measures" to secure personal data. DMARC is an appropriate technical measure for protecting email channels used to communicate personal data. The ICO has cited inadequate email security controls in enforcement actions.
- What email security measures are relevant to GDPR compliance?
- Key email security measures include: DMARC enforcement (prevents phishing using your domain to extract personal data), DKIM and SPF (authenticate legitimate email), TLS-secured mail transfer, MTA-STS (ensures mail is transmitted over encrypted connections), and DMARC aggregate reporting (monitoring and logging of email threats).
- Can VP Shield produce a compliance report?
- VP Shield produces a technical domain security report. For a formal compliance assessment with control mapping against UK GDPR Article 32, VantagePoint Networks provides paid documentation and assessment services.
Run a free domain security scan
VP Shield checks DNS, TLS, email authentication, security headers, and subdomain takeover risk for any domain. Free, no login, two minutes.
Related Services
Cyber Essentials Domain Audit
Preparing for Cyber Essentials or Cyber Essentials Plus certification? VP Shield checks the domain security controls that assessors look for — TLS, security headers, DNS hygiene, and more.
Run your pre-assessment scan →Stop Phishing Attacks Using Your Domain
Check whether your domain can currently be used in phishing attacks against your customers and staff. VP Shield assesses your DMARC, SPF, DKIM, and spoofing exposure — free, no login.
Check phishing exposure →Domain Security for Remote-First Teams
Remote working expands your attack surface. Check whether your domain email authentication, TLS, and security headers are configured to protect a distributed workforce from phishing and MitM attacks.
Check remote-working security →