Welcome to the Thirteenth edition of “The Fellowship” newsletter.

I took a break last week to rest up. I had a hectic week at work and was a little fatigued. It’s been another hectic week, but I’m feeling rested this morning and happy to spend some time writing to wonderful people.

The 12^th Edition of “The Fellowship” covered What is the objective of the Security Function. It’s a good edition that details why security policies are the root of all control. If you’ve not managed to read it yet, I would encourage you to do so.

This week, I want to help you with a simple lesson in using Automation. Let’s get into it.

How to automate bulk email so you don’t breach GDPR.

My email address has been included in at least four data breaches in the last two years. Once, it was breached by a person of high stature in the security industry. They emailed their customers about an event they were hosting and sent it to everyone using the “To” address.

I could see the email address of all their customers who had registered for the paid-for event. If I were unscrupulous, I could have loaded their emails into my subscriber list and tried to sell to them. I didn’t… That would be a breach of GDPR and does not meet the personal values and ethical standards I hold myself to.

I was sent an email from a local public speaking group on a separate occasion. Similarly to the previous example, they had included all club members in the CC address. As someone concerned about the security and privacy of my personal information, I reported the data breach to the senders.

I have not yet reported a small business or a club for breaching my personal information to the Information Commissioner’s Office (ICO), the government body responsible for enforcing UK GDPR. They get a second chance. If they persist in sending my information insecurely, I will remove myself as a customer/member/subscriber and report them.

Any organisation collecting and using the personal information of UK citizens or those who live in Europe should be aware of their obligations under GDPR and implement safety checks before using the information in a way that could constitute a breach.

Mihaela Jembei, the ICO’s Director of Regulatory Cyber, said:

The ICO is genuinely monitoring the number of UK GDPR data breaches caused by the incorrect use of the BCC field and wrote this post only one week ago on LinkedIn.

How can you prevent yourself from breaching UK GDPR when sending bulk emails?

You have a couple of solid options. The first is an external platform that allows you to collect email addresses, group them using tags, and send them to each person individually. Here are the top 5 bulk email platforms:

1. ConvertKit

2. Mailchimp

3. SubStack

4. Podia

5. HubSpot

I like these options because they have been designed for the sole purpose of sending bulk emails. You can use them for Announcements, Newsletters, Product launches, and Sales promotions. Most platforms have a free option for managing a list of only a few hundred people. If your list is a little more extensive, the cost to use the paid options is usually high.

The second option is to use automation to control the email list on your licenced services, keeping it in-house, and if you’re paying for the product anyway, it doesn’t cost anything extra. What I’m talking about is Power Automation by Microsoft. It is BRILLIANT!

Power Automate

The application has two options. You can use the Desktop Application, or you can use the Cloud Application. I will share some resources and then show you what I do using a cloud flow. You can find the documentation Here: https://learn.microsoft.com/en-us/power-automate/

What is a flow?

A flow is the name of running a series of actions using automation.

Desktop Application

You can use the free desktop application. Some of the more advanced options are restricted to paying customers. For those of you running a business, if you’re using the MS365 environment for your company, the product may be included in the licence you already pay for. If it is, it’s even better because you can do much more with it!

The instructions to install are here: https://learn.microsoft.com/en-us/power-automate/desktop-flows/install.

You can download it here: https://powerautomate.microsoft.com/en-gb/robotic-process-automation/.

Cloud Application

Sign into Microsoft Office 365. At the top left, click the nine little dots and select Power Automate from the list. When it opens, click “+ Create”.

Flows running from the cloud are capable of a lot more. Here are a few examples:

• Automated Cloud Flow that runs when something happens. You do not need to do anything for this to run. An example might be if you receive an email. You can forward the email to the account manager, add the person to a database, and send them follow-up emails.

• Manually trigger a flow. This requires you to start it. It could be anything. Say you want to announce a new product. You can input the latest product information into a flow, trigger it to start, and the flow will send it to your email list and send it to your social media channels as a new post.

• Scheduled Cloud Flow. This is for things you need to happen, and you know they occur at a set period. You might need to take the bins out every Wednesday. You can set up a flow that will send you an email every Wednesday to remind you to take them out.

Connections

Power Automate integrates with hundreds of different applications and services. All types of flow can be connected with Microsoft applications and hundreds of others. Here are some examples of applications that you can connect to:

Templates

Microsoft has provided a lot of template flows for you. Select the flow, amend the information to what you require, and you’re all set! Here are a few examples:

• Save a Teams message in OneNote.

• Forward emails to a channel in Teams

• Notify a team when a task in Planner changes.

• Find a meeting time with the sender of an email.

• Post a message to Teams when a Jira is created

Sending Bulk Emails using an Excel sheet (Business Only)

I use this to send emails to a list of people gathered from a tool such as an LMS. I might use it to send a reminder to complete their training if they are not doing it after receiving automated emails from the tool. Create this flow using a business MS365 Account. A single-person company costs £19 a month, including most of the Microsoft Tools. It’s worth the investment. You will need the following things:

• Microsoft Excel

• Microsoft Outlook

• Microsoft Power Automate

• Microsoft SharePoint

Excel Document

This document will need a column listing the customer email addresses to which you want to send the email. A second column with “Yes” on each row is also required. Don’t include the quotation marks. Save the file to a location that Power Automate can reach. For me, I will use SharePoint.

Power Automate

Open Power Automate and create an Instant Cloud Flow.

Give the flow a name and make sure “Manually Trigger a Flow” is selected.  Click “Create,” and it will open your new flow.

Click “Next Step” and search for “List rows present in a table”.

Select the file where the information resides. Select “Next step” and search for “Condition”.

This option is asking a question. We need to give it the question to ask. Click on the highlighted  “Choose a Value” option. Here, we need to input some Dynamic Content.

What is Dynamic Content?

Dynamic content can be selected from previously gathered data in the flow. So, for this step, we want to choose the “Send to email” option from the Excel table.

Selecting the option will change the flow to put the condition inside an “Apply to each” option. That means that for each “Send to” in the Excel table, it will run the condition. Make sure the “Send to” condition “is equal to” > Yes.

Inside the “If yes” option, click “Add an action”.

Search for “Send an email (V2).

In the “Send an email” action, click on the “To” option. We need to add the dynamic action.

Select “Customer email” from the “List rows in table” option.

Fill out the email information.

We can tidy up the flow by adding a “Terminate” option below the condition.

This flow is complete and can be used to send emails to your contact list without risking a breach of UK GDPR. You can save the flow and run a test using a personal email address.

How can I help?

I can use Power Automate for many tasks within the Security Awareness, Compliance, ISO 27001, and GDPR space. If you’d like assistance to automate your processes, please email info@policywizard.io or DM me on LinkedIn. My services page has information on other services I provide.

That’s it for this week. I hope you’ve enjoyed learning how to send bulk emails using Power Automate. Let me know what you think in the comments or on LinkedIn. If you liked it, consider sharing it with your peers.

Until the next adventure!

Stuart Wedge 🧙‍♂️

PolicyWizard