Mail archiving according to GDPR

Nowadays, electronic archiving of emails and documents is the order of the day. In Germany, GDPR-compliant archiving is required by law. A distinction is made between audit-proof and legally compliant archiving.

Archiving according to GDPR

Audit security and legal certainty

As a rule, audit-proof systems are archiving systems that comply with the requirements of tax and commercial law and can be verified in this respect. The information held in such systems must be retrievable, traceable, unalterable and tamper-proof. This allows, for example, tax authorities to inspect emails or other documents from the past in order to clarify facts. It also means that the entire archiving process, including its technical components, must be checked beforehand; otherwise the user companies have no legal certainty for their archiving systems.

Legal certainty, however, goes further: it covers accuracy, completeness, security of the overall procedure, protection against alteration and falsification, protection against loss, use only by authorized persons, compliance with retention periods, documentation of the procedure, traceability and verifiability. Only when all of these categories have been confirmed in a practical test is the archiving system legally secure. Legal certainty is therefore a combination of audit compliance, the GDPR and other compliance rules.

Problem

GDPR-compliant archiving is mandatory for the user company and is subject to proper auditing. However, audit compliance is only one part of complete legal certainty. In practice, this means that a user company may deploy a product whose software suggests audit compliance on the basis of a certification sticker but cannot actually guarantee it, for any of a number of reasons. This is precisely the core problem of legally compliant archiving: audit security appears to be given in theory, but must first be proven in practice. Compliance can only be verified once the complete archiving system, consisting of the technology, organization, processes and trained employees, has been fully implemented. Legal certainty therefore cannot be guaranteed at the time of purchase, but only afterwards, through a corresponding review of the complete system.

If you have any questions about GDPR-compliant archiving solutions and how we can support you with implementation, please feel free to contact Harald Rossol, founder and managing director of b.r.m. IT & Aerospace.