In this post we will explain how GDPR applies to email retention and email archiving, and how an email archive can help you comply with the GDPR.
The EU’s General Data Protection Regulation (GDPR) introduced new requirements for businesses on May 25, 2018. From that compliance date, businesses that collected or processed the personal data of EU citizens were required to implement safeguards to protect that data. The GDPR also gave EU citizens new rights over their personal data.
The GDPR applies to personal data in all its forms, no matter where the data is stored. That means personal data in email accounts is covered by the GDPR. Email inboxes and folders can contain a wealth of personal data and that information is subject to the strict privacy and security requirements of the GDPR.
Email data may need to be retained to comply with laws in the country or state in which your business operates, or to comply with industry-specific legislation. The GDPR also has implications for email retention. There is no minimum or maximum time stipulated for email retention in the GDPR. Instead, the GDPR states that personal data can be kept in a form that allows an individual to be identified for no longer than necessary for the purpose for which the data was collected or processed. The GDPR allows the archiving of personal data, including email data, provided personal data is processed for archiving purposes.
The GDPR requires businesses to implement security measures to ensure personal data is protected. Article 5(f) of the GDPR requires personal data to be protected “against accidental loss, destruction or damage, using appropriate technical or organizational measures.” The easiest way to ensure email data is protected is by using encryption and storing emails in a safe and secure environment where they are protected against unauthorized access, accidental deletion, and tampering. The easiest way to do this is with an email archiving solution.
Here it is worthwhile explaining the difference between an email archive and a backup because, while both can be used to store emails, there are important differences. A backup is a temporary repository for email data that ensures emails can be recovered in the event of data loss. Backups are usually only kept for a limited amount of time, often until a new backup is created. A backup allows the mail system or data in an email account to be restored to a specific point in time. An email archive is used for long-term secure email storage and, in contrast to a backup, it can be searched and individual emails can be quickly found and retrieved.
Many businesses already use an email archiving solution to comply with state, federal, or industry regulations. An email archive is also invaluable for eDiscovery and dealing with customer complaints. An email archive can also be used to recover email data in the event of a disaster and protects against data loss.
An email archiving solution is important for GDPR compliance as it allows email data to be stored safely to prevent data loss and unauthorized access. Personal data in emails can also be quickly found, recovered, and deleted securely.
ArcTitan, TitanHQ’s secure email archiving solution, is the ideal email archiving solution for GDPR compliance. ArcTitan includes end-to-end encryption for email data and access controls – including role-based controls – to ensure email data is protected against unauthorized access, and it creates a tamper-proof record of all email data for the duration of your email data retention policy.
If emails need to be found, the archive can be searched and messages can be quickly and easily retrieved, such as when a request is received from an EU citizen to access their personal data or a request is made for personal data to be deleted. ArcTitan also allows you to permanently and securely delete emails and the consumer data they contain in full compliance with the GDPR.
For more information on ArcTitan, contact the TitanHQ team today.