Email archiving obligation: What you need to consider when storing emails

Email archiving is a challenge for companies because they have to manage large amounts of data to ensure that relevant emails are retained and available at all times. In addition, you must ensure that archiving complies with legal requirements and data protection laws. It is also important that your email is protected from threats and cyberattacks and secured against phishing by means of MFA. Furthermore, the archive should be easy to manage and search so that you can respond efficiently to requests. All this requires time, resources and special skills, which is why many companies are looking for a suitable solution.

Why the email archiving obligation is important

The archiving of emails serves both to protect against legal consequences and to ensure the availability of important information. In the event of legal disputes or audits, companies can prove that they comply with all legal requirements by archiving their emails completely and properly. In addition, rapid availability of information can help business operations run more smoothly. Without archiving, there is always a risk that important emails will be lost or inaccessible when they are needed.

Email archiving obligation - challenge for companies

Email has established itself as a central element of communication in today's business world. However, emails are not only an important communication tool for companies, but also a relevant information resource. Due to the increasing flood of data, legislation, compliance requirements and requirements for security and protection, entrepreneurs, managing directors and IT managers are coming under increasing pressure.

Data complexity increases

Every day, you and your teams produce, process and receive a multitude of emails. And the trend is rising. Many emails are stored twice and usually not centrally, but in the mailboxes of the employees, usually organized according to individual, personal systems. Searching these data silos takes a great deal of time and personnel, sometimes causes high costs and reduces the competitiveness of companies.

Legal requirements increase

Legal requirements, regulated by the HGB (German Commercial Code), the AO (German Tax Code) and the GoBD (Principles for the proper keeping and storage of books, records and documents in electronic form as well as for data access), require companies to archive in an audit-proof manner. Companies that do not archive their business-relevant emails face legal consequences.

Data protection is becoming increasingly costly

Organisations have a responsibility to ensure that when emails are archived, sensitive data remains protected and safe from data leaks and attacks. This is important to ensure the integrity and confidentiality of business-critical information, as well as compliance with data protection laws.

Which emails need to be archived?

The email archiving obligation states that companies must retain certain emails in order to prove their legal responsibility and business activity. According to HGB (§ 238 para. 2), you must therefore archive all emails (including file attachments) that are relevant to business and correspond to a business or commercial letter. In addition, you are also obliged to archive emails relevant to tax law according to AO (§ 147).

  • Orders and order confirmations
  • Delivery notes, delivery and freight documents
  • Bills
  • Complaint and termination letters
  • Contracts
  • Payment receipts
  • other documents relevant to accounting

The email archiving obligation covers incoming and outgoing emails. As an entrepreneur or managing director, you are responsible for complying with the email archiving obligation and in the event of a breach of this obligation, you must face legal consequences. To ensure that all required email is properly archived, it is recommended that you implement an automated, modern email archiving solution.

Email archiving obligation guidelines

In principle, the same legal conditions and regulations apply to the archiving of emails as to business and commercial letters in paper format. The email retention obligation includes:

  • Completeness: All relevant emails must be archived to ensure a complete record of all business activities and customer communications.
  • Integrity: All archived emails must be kept in their original form to ensure the integrity of the information.
  • Accessibility: All archived emails must be easily accessible at all times to comply with legal requirements.
  • Privacy: All personal data must be protected in accordance with data protection laws when it is archived.
  • Retention period: All archived emails must be retained for a period of time determined by applicable law and industry regulations.

Email archiving obligation and the GDPR

The General Data Protection Regulation (GDPR) requires transparent handling of personal data: from the creation, storage and processing to the deletion of data. Optimal archiving software helps you to comply with the GDPR requirements.

  • Right to information (Art. 15 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

Which emails may not be archived?

There are some types of emails that you must not archive due to their sensitive or confidential nature. These include emails containing personal or financial data, medical information or legal documents. Likewise, you must not archive applicant data.

How to safely comply with your email archiving obligation

You must store emails in such a way that subsequent modification is not possible. This results in the need for archiving in an unchangeable format or on a tamper-proof data carrier. Simple file storage on servers or external storage media does not meet the legal and compliance requirements. Even common email programs cannot meet these requirements. In addition, electronic documents must be constantly findable, retrievable and machine-readable.

Email archiving options and providers

If you research email archiving providers on the internet, you will find a list of providers. The offerings vary in their features and focus and can be deployed locally or in the cloud. When looking for a solution that is ideal for you, the Gartner Magic Quadrant can be of help:

Gartner Magic Quadrant

The consulting firm Gartner has been studying the players and their positioning in important technology markets for many years. A Gartner Magic Quadrant is not a recommendation for specific vendors but the result of research and is intended to help companies get an overview of the position of vendors in a market. The graphical representation (quadrant) clearly shows the providers in four groups and shows the performance and suitability of the IT products and services. Gartner categorizes its vendors as follows:

  • "Leaders" execute their offer well and are equipped for the challenges of tomorrow.
  • "Visionaries" have a good sense of where market trends are going, but are not perfectly positioned in their current version.
  • "Niche players" focus on small areas.
  • "Challengers" meet today's requirements very well, but do not show a clear direction regarding market trends.

Mimecast has been a Leader in the Gartner Magic Quadrant for many years.

What email archiving brings you

The email archiving obligation goes beyond the IT department and affects the entire company, because all teams and departments send, process, receive and store email. Responsibility for the email archiving obligation must sit at the top of the company, because the company or managing director is liable for compliance.

A Leader in the Gartner Magic Quadrant for many years, Mimecast delivers 10 key benefits of cloud email archiving:

  • Unlimited scalability
  • No acquisition of physical infrastructure
  • User-friendliness
  • Mobile capability
  • Risk reduction
  • Easy and fast search – near real-time
  • Simple and fast access to past content
  • Fast recovery
  • Closing security gaps
  • Compliance regulations

Mimecast provides a secure and easy-to-use email archive in the cloud.

How email archiving works with Mimecast

Incoming emails (and associated metadata) are captured as they pass through the Mimecast Secure Email Gateway or through an email platform journal stream.

  • secure email gateway for incoming and outgoing emails
  • log of email traffic
  • synchronization of Outlook folder structures, calendar info and message references, either locally via the LAN or directly via cloud synchronization
  • archive data is stored in triplicate, distributed across multiple data centers in a region, to ensure optimal resilience against failure and data security
  • e-discovery search and case management tools for administrators
  • employees can quickly search their personal archives from anywhere, even if they don't have access to their primary email systems

Integration into the existing corporate IT

Mimecast integrates securely and easily into your organisation and works with Exchange, Microsoft 365 or other applications. In this way, all teams and employees work as usual in "their" structure. Calendars and contacts can be synchronized into the archive and any email sent or received can be accessed via desktop or mobile app.

Bodo Gärtner