Citizens of the European Union have reason to relax: The introduction of the General Data Protection Regulation (GDPR) since May 2018 significantly strengthens the protection of personal data and at the same time initiates a new era of European data protection. But one man’s meat is another man’s poison. Not everyone agrees with the “strictest data protection law in the world”. Companies and organizations that have to implement numerous new policies and guidelines, are annoyed by the significant additional effort and the partly non-transparent regulations.

Since the GDPR also has a direct effect on the handling of emails, there are a few things to consider as well – especially with regard to the issue of email archiving. We show how the GDPR and legally compliant email archiving can be combined and explain the most important myths.

The devil is in the detail

As a company, do I really have to archive all emails and if so, for how long at all? These are typical questions asked by those responsible for implementing the GDPR. At this point, the GoBD (principles for proper management and storage) [only in Germany] play an important role. These principles specify how long emails with certain contents must be archived. It is not uncommon for archiving to be confused with backup, but clear differences must be made here.

While a backup ensures the temporary availability of data and its recovery, archiving has a different function: it guarantees the long-term storage of data on a separate storage medium for documentation purposes. According to the GoBD, an email always has to be archived if it operates instead of a commercial or business letter or a booking document. If the email is only a means of transport and contains, for example, an accounting document as an attachment, only the attached file as such must be retained, but not the email itself. However, a printout of the invoice is not sufficient.

Hornetsecurity News


Stay in touch

Sign up to get the latest News about Cloud Security.

The required retention period for business emails is six to ten years. However, small businesses are excluded from this regulation. The exact storage obligations for the different types of documents can be found in the tax code as well as in the commercial code. The situation is different with private emails: Companies, in which the private use of emails is at least tolerated, may under no circumstances monitor or store the private email communication of employees.

The GoBD also specifies that emails must be archived unmodified. This means that a simple storage of digitized documents at this point is not sufficient. Another misbelief is the storage via the email client. Simply creating a folder and manually moving all emails, that are required to be archived, is not sufficient either. The proper protection against loss or theft is simply missing here. But how can a company implement all these regulations as cost-effectively as possible and save time and resources?

The solution lays in the cloud

If you want to be on the safe side, you can rely on modern email archiving via the cloud. Cloud-based email archiving solutions offer several advantages for companies: they are fully automated, legally compliant and operate without the intervention of internal IT.

Hornetsecurity’s email archiving service, for example, ensures that emails are transferred to the archive fully automatically. A very precise distinction is made between clean mails and spam as well as info mails. The latter of course do not end up in the email archive. The complicated and time-consuming search for archived emails is also prevented by Hornetsecurity’s email archiving service.

Thanks to perfectly coordinated search algorithms, emails can be easily retrieved and filtered via the Hornetsecurity Control Panel. The administration is made easy for IT managers: Only a few clicks are required to manage Aeternum – regardless of whether this involves the import or export of emails or basic settings for the duration of archiving.

Additional information: