Legally compliant e-mail archiving in companies (1/2)
A large part of today’s corporate communications and business processes are conducted via e-mail correspondence. Even in companies that do not completely rely on the paperless office, the topic of legally valid e-mail archiving or long-term archiving became more and more important. This means: All companies today really need a professional software solution to introduce well-structured e-mail archiving.
Why exactly is e-mail archiving needed?
To anticipate: Every company has certain legal transparency obligations (in Germany). Some e-mails (not necessarily all) in companies must be archived. This is due to tax law reasons (the tax office must be able to trace the course of business even years later). Basically, every company must archive the emails that are relevant to the processing of a transaction (for example, also complaints). Not only received e-mails, but also sent e-mails must be archived. The file attachments of the e-mails must also be saved.
This is important:
One note in advance: For reasons of data protection (DSGVO), e-mails in the form of personal communication as well as conversations between employees and the works council or employees and the works doctors must not be archived. Employees would have to explicitly agree to have their private e-mails archived beforehand or the use of private e-mail communication is completely prohibited by the company. In addition, there is otherwise only the possibility that all business e-mails are filed/archived separately by the employees.
A professional e-mail archiving is to be understood as part of a reasonable data protection strategy in the company and is based on the DSGVO – the aim is to be able to provide information on all stored personal data at any time on request. To achieve this, companies need software that performs e-mail archiving and enables e-mails and attachments to be searched and exported at any time.
What is not considered legitimate e-mail archiving?
- Printouts of the e-mails (are not considered to be original)
- A pure e-mail backup system is only a backup, not an archiv! (Because here the e-mails could be manipulated or deleted and the availability and retrievability is not sufficiently given).
- An integrated archiving function of the email program is also not sufficient, because here emails are only stored in local mailboxes but this does not mean that the emails are audit-proof and all conditions for a legally compliant archiving are given.
- Even simply moving or sending them to an archive mailbox is not sufficient.
What makes email archiving legally compliant?
The emails must be available in the following form:
- Audit-proof
- Complete (including attachments)
- Available at any time (availability and retrievability must always be guaranteed!)
- Tamper-proof
- Machine evaluable
- The data can be stored on the company server as well as on an external storage medium – as long as all requirements are fulfilled
Which emails need to be archived and for how long?
The retention period (in Germany) is currently 6 years and 10 years for invoices, accounting documents, balance sheets, etc. So it makes sense (if you don’t want to make this distinction) to generally archive all emails for 10 years.
What should a good archiving solution provide?
- Simple installation
- No effort in operation
- It should also be possible to archive already existing mails.
- The solution should always be user-friendly and flexibly adaptable to a wide variety of email programs
An archive solution should ensure that all relevant e-mails can be transferred to a long-term archive in a uniform data format (which cannot be manipulated later but can still be found and read at any time). We recommend PDF format and PDF/A for this purpose. This ensures that all requirements and legal specifications for companies and authorities are met. If possible, all e-mails should be converted into PDF/A documents in order to create an e-mail archive. All data stocks should be prepared for the digital archive.
The next article deals specifically with e-mail archiving with webPDF. In addition, we will add a link list of the legal requirements for regulating e-mail archiving in companies.