In about a year, it will be official: Starting on 25 May 2018, the General Data Protection Regulation (GDPR) will enter into force. The GDPR is intended to thoroughly standardize European data protection law. Up until now, national legislation based on the EU Data Protection Directive varied greatly between countries; once it enters into force, the GDPR will serve as the immediately applicable law in all EU Member States. The focus will continue to be on protecting natural persons when processing personal data. The stated goal of the GDPR is for EU companies to take the rights of natural persons into greater account with regards to storing and processing personal data. That is a very brief summary of the intent and purpose of the regulation, one that does not account for the entire breadth of its meaning.
We recently noticed that more and more customers are asking about the relationship between email archiving with MailStore and the pending data regulation. Generally speaking, data protection is a very broad and complex field that every company should address with the help of legal experts.
Email archiving is a crucial element of handling data within a company in general. Professional email archiving makes it significantly easier to carry out data governance at a company, or to make this possible in the first place. Many companies who neglect to use an email archiving solution have little control regarding emails. They will probably find themselves asking questions such as ‘Where are emails stored?’ or ‘Are there additional local copies?’ When companies use MailStore Server for email archiving, they cover various areas that need to be taken into account in a data protection strategy. Many companies take measures such as forbidding employees from sending emails with private content from a company account. When companies use MailStore Server for archiving, they can use various functions to secure the archive against unauthorized viewing, manipulation, and deletion, as well as quickly search through it. MailStore 10 includes security features that have been further improved.
If, for example, a customer or former employee invokes Art. 17, Chapter 1 of the GDPR and demands the immediate deletion of emails from a local storage device or different PCs, these messages can be found very quickly (they are centrally stored in an archive) and be accordingly deleted by an authorized person. At the same time, this process will be logged so that, in the event of a breach of compliance regulations, it can be traced internally.
Another hypothetical scenario concerns the right to data transfer, as outlined in Art. 20 of the GDPR: “The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format… ” MailStore Server also helps in this regard, since archived emails can be accessed and evaluated electronically at any time.
These are merely two scenarios describing how email archiving with MailStore Server can help a company’s efforts to comply with the upcoming GDPR. We recommend that companies who take the topic of data protection very seriously integrate this consideration into their IT strategy and obtain advice from their legal counsel.