In this post we will explain how the GDPR applies to email retention and email archiving, and how an email archive can help you comply with the GDPR.
The EU’s General Data Protection Regulation (GDPR) introduced new requirements for businesses on May 25, 2018. From the compliance date, businesses that collect or process the personal data of EU citizens were required to implement safeguards to protect the personal data of EU citizens. The GDPR also gave EU citizens new rights over their personal data.
The GDPR applies to personal data in all forms, no matter where data are stored. That means personal data in email accounts is covered by the GDPR. Email inboxes and folders can contain a wealth of personal data and that information is subject to the strict privacy and security requirements of the GDPR.
Email data may also need to be retained to comply with laws in the country or state in which your business operates, and certain industries such as finance and healthcare have industry-specific legislation with provisions covering email retention.
There is no minimum or maximum time stipulated for email retention in the GDPR. Instead, the GDPR states that personal data can be kept in a form that allows an individual to be identified for no longer than necessary to achieve the purpose for which personal data were collected or processed. The GDPR allows personal data to be processed for archiving purposes.
The GDPR requires businesses to implement security measures to ensure personal data are protected. Article 5(f) of the GDPR requires personal data to be protected “against accidental loss, destruction or damage, using appropriate technical or organizational measures.” The easiest way to ensure email data are protected is by using encryption and storing emails in a safe and secure environment where they are protected against unauthorized access, accidental deletion, and tampering – an email archive.
It is worthwhile explaining the difference between an email archive and a backup: while both can be used to store emails, there are important differences between the two. A backup is a temporary repository for email data that ensures emails can be recovered in the event of data loss. Backups are usually only kept for a limited amount of time, usually until a new backup is created. A backup allows the mail system or data in an email account to be restored to a specific point in time. An email archive is used for long-term secure email storage and, in contrast to a backup, it can be searched and individual emails can be quickly found and retrieved.
Many businesses already use an email archiving solution to comply with state, federal, or industry regulations. An email archive is also invaluable for eDiscovery and dealing with customer complaints, as it can be searched and emails can be quickly and easily retrieved on demand. An email archive can also be used to recover email data in the event of disaster, so it also protects against data loss.
An email archiving solution is important for GDPR compliance as it allows email data to be stored safely to prevent data loss and unauthorized access. Personal data in emails can also be quickly found, recovered, and deleted securely, if an EU citizen exercises their right to be forgotten, for instance.
ArcTitan, TitanHQ’s secure email archiving solution, is an ideal email archiving solution for GDPR compliance. ArcTitan includes end-to-end encryption for email data, access controls – including role-based controls – to ensure email data are protected against unauthorized access, and ArcTitan creates a tamper-proof record of all email data for the duration of your email data retention policy.
If emails need to be found, the archive can be searched and messages can be quickly and easily retrieved. With ArcTitan, you can search 30 million emails a second. Multiple searches can be performed simultaneously, searches can be combined and, in contrast to Office 365 archiving, the same search can be used to find data in the message body and attachments.
ArcTitan is very competitively priced and you only pay for active users. If you are unhappy with your current email archiving provider, changing to ArcTitan is a headache-free process and assistance will be provided by our highly experienced support team. For GDPR compliance, ArcTitan is an ideal email archiving solution.
For more information on ArcTitan, contact the TitanHQ team today.