GDPR Subject Access Request

The new European General Data Protection Regulations (GDPR) make email and document redaction software a more critical investment than ever before. In this guide we will provide a quick walk through of how to redact email, attachments and office documents from within the Hexamail Flow email client more rapidly and efficiently than with any other redaction software or email client.

The Hexamail Flow email client provides full email client functionality and in addition the GDPR module allows it to be used for managing Subject Data Access requests on a standalone workstation or desktop PC. By operating entirely offline or within your network, and away from the cloud, this does not multiply the issues of managing GDPR within your organization or add additional data protection issues to an already complicated area.

Lets work through an example to see how you can best fulfil a Subject Access request and provide redacted email, attachment and office document content to the requester.

Importing an email set for redaction

Often the first stage of any Subject Data Access Request email redaction process is to extract all relevant email from a larger database or set of email. This can be done using:

  • standard Microsoft Exchange search and Export tools
  • Outlook Email Client
  • Gmail
  • Office 365
  • an email archive tool such as Hexamail Vault (that can import all email from Exchange and facilitate rapid and efficient search and export of email in standard formats).
Once you have performed the email discovery using the approach of your choice above, you should have:
  • a PST file (from Exchange or Outlook)
  • folder on disk or zip containing a multiple MIME eml files, Outlook MSG files, or text format email files.
  • an IMAP folder on your server
  • a Gmail folder
  • an Office 365 folder
  • an on-premises Exchange server folder
Hexamail flow can view these directly or import the content into a new local or server folder of your choice. Hexamail Flow with the GDPR module provides a feature to create a special "Subject Data Access Request" folder. The Subject Data Access Request folder is a special folder that also contains a single contact record relating to the subject of the request. The subject contact details are used as a "white list" of terms to not be auto-redacted. This folder type also allows arbitrary Office documents such as Word, Powerpoint, Excel or Adobe PDF to be imported or dragged into the folder for later redaction.

Importing an Exchange or Outlook PST file

If you choose to create a Subject Data Access Request folder the subject contact will automatically be created, and the import pop up box will prompt for you to locate the PST file (or other file types) you wish to import. Once you have chosen to import it you will be prompted whether to create the folders found within the PST file or just import all email into the top-level folder. If you do not wish to import anything just cancel the prompt. You can then import email into the folder by dragging them from another account such as IMAP, Gmail or Office 365.

Filling out the subject contact details

Locate the subject contact record window and fill out the contact details for the subject making the Data Access Request. These details will NOT be redacted automatically from the email and attachments that are to comprise the Subject Data Access Request

Save the new Subject Data Access contact record

Filtering the email list (optional)

The next step is to filter the superset of email down into the list of email that need to be provided to the subject as part of the Subject Data Access Request. This can be done in same way as with any email client. You can select multiple email and delete, flag/ sort or hide email. You can pin email to the top of the list while you work. There is also a powerful built-in "Sweep" function to remove all email from specific senders or remove duplicate email chains from within email conversations. Using sweep you can delete all emal that are part of other email threads, and have no unique attachments in a single click.

Sweep email content

Once you have the final filtered list of email and attachments you need to redact you can start redacting each email content and any attachments. This process is semi-automated but a quick manual inspection is required to ensure all sensitive material has been correctly redacted.

Redacting the email content

Open each email by double clicking to open as a new window, or if you prefer to use the preview pane, then click on each email and it will automatically be displayed in the preview pane. Once in the preview pane you can just right click the content and choose "redact" or click the redact button in the toolbar on the right hand side

Redact email content

The automatic redaction will redact all phone numbers, post codes, addresses, email addresses, web links, first and last names from the content. In the redaction page you can still read the text that has been redacted, but don't worry: on printing the content is entirely blanked out. If something should not be redacted click on the redacted text and choose "un redact". if text is still present that needs redacting right click the word (or make a selection) and right click and choose "redact". You can also double click any word to toggle it's redaction. The floating window in the bottom right shows all the words currently redacted or white listed (never to be redacted for this subject request). The window can be picked up and moved if required.

Once you have completed the redaction process you can click Print to print the redacted content or simply move on to the next email, the redacted content will be automatically stored alongside the original email and shown whenever you reopen the email. If you want to remove the redacted content just click the small close button on the redacted tab at the bottom. Your redactions for this email will be removed.

An email with redacted content is shown with a special redacted icon next to it in the email list so you know which email you still need to process and which have already been redacted

Redacted email shown in list

Redacting email attachments

You can redact the content of any email attachments in the same way. Just click on an email to display it in the preview (or double click to open it in a new window). Select the attachment to redact from the Attachments tab and right click and choose "redact". A HTML version of the PDF/Word/Excel or Powerpoint document is shown and can be redacted in the exact same way as the email content. Redacted versions of attachments are shown as additional redact tab and stored alongside the email for future viewing or printing. Again you can choose to print the redaction right away or simply move on to the next email to carry on redacting content.

Redact email attachments

Redacting Office documents

You can redact the content of any office documents in the same way. Just click on a file/document in Hexamail to display it in the preview (or double click to open it in a new window). Right click the content and choose "redact". A HTML version of the PDF/Word/Excel or Powerpoint document is shown and can be redacted in the exact same way as the email content. Redacted versions are shown as additional redact tab and stored alongside the document for future viewing or printing. Again you can choose to print the redaction right away or simply move on to the next email to carry on redacting content.

Redact Office Documents

Printing out redacted content

Once you have redacted all the content required you can select multiple email in the list in the usual way (hold control down when clicking an email to select it as well, or hold shift down to select all email from the previous selection to the newly clicked email). Once selected right-click the selected email and choose "Print Redacted". This will check all email have redacted versions and print those redactions. You can optionally choose to open all the email that are missing redacted version in order to perform the redaction before printing.

Printed redacted content

Saving a Subject Data Access request

Once you have redacted and output all the content required you may wish to save the entire Subject Data Access Request for future reference or to reissue if required. To do this right click the special Subject Data Access Request Folder and do Export...