E-mail archiving

Reasons for e-mail archiving

Time and again, the assumption is that the only purpose of complying with the legal obligation to archive e-mail is the legal necessity. In addition to increased efforts and the associated workload for companies, the real benefits are not always seen. In fact, however, archiving makes a lot of sense and is also of considerable benefit to the company itself. In the event of legal disputes, complete documents are available which, if necessary, may have a demonstrable character. From an entrepreneurial point of view, archived e-mails offer protection and security against the loss of customer data and at the same time provide an overview of all relevant processes that are always available.
A company’s IT department also benefits from a mail archive. Administrative processes in the background are automated according to fixed rules and do not affect the workflows of the employees.

Target group for the obligation to archive

There is often a presumption that all persons who issue invoices are also obliged to archive e-mails. This is not the case. Accounting and tax requirements require compliance with corporate guidelines. There is a legal obligation to archive all business e-mails that are sent by a company or sent to the company. The size of the company does not matter. Small businesses are as much subject to archiving as large corporations.
So-called non-merchants, such as freelancers and small business owners, do not have to archive their business e-mails. The basis for the obligation to archive can be found in the German Commercial Code (HGB), the Tax Regulations (AO) and the GoBD.

Definition E Mail Archiving Small Business

The E-mail Archiving Act 2017 is binding on companies and defines the legal deadline for retaining e-mails. The associated mandatory long-term archiving of digital business documents is part of proper accounting. The requirements for legally secure email archiving are justified in the GoBD. These shall indicate the principles that reflect the proper handling of electronic records, books and documents, as well as their access to the data.
The removal of business documents that are transferred via e-mail is required for a period of six to ten years. This e-mail archiving obligation covers all correspondence that takes place in the business sector, starting with non-binding offers, through the confirmation of orders to the final invoicing. If required, e-mail archiving Allows GoBD software to provide a convenient solution that particularly benefits small and medium-sized enterprises. The corresponding audit-proof e-mail archiving is made possible as an automated process.

Private mail at work

Archiving mails can be problematic in relation to purely private correspondence. On the one hand, the employer must maintain a mail archive that fully records the complete business e-mail correspondence. On the other hand, there is the protection of the privacy of the respective employees. As a result, saving private e-mails is not permitted, as is the deletion or reading of such e-mails.
A company essentially has two ways to deal with private mail in the work context. It may expressly and completely prohibit the use of corporate e-mail accounts for private purposes. Another option is to avoid automatic mail archiving. This means that employees must automatically transfer official e-mails from their accounts to the archive, thus separating incoming private and professional e-mails. In the regular day-to-day life of a company, the prohibition of private e-mail correspondence has been the rule since 2017. The solution with the independent separation of the mails by the employees would be associated with a high degree of uncertainty for the company.

X-invoice and e-mail archiving

Those who deal with the archiving of e-mails are usually also concerned with the legally secure handling of electronic invoices. While the classic PDF invoice is still widely used in companies, from November 2020 the legal obligation for electronic invoicing in the form of x-invoicing will be in place. In the case of PDF format, there is no legal certainty within the meaning of the underlying EU directive. The XInvoice is a standard here, which offers the option of further processing of relevant invoice data. The X-invoice enables a federally uniform form of electronic invoice, which can be sent by e-mail.
However, archiving the invoice alone is not sufficient. In order to be able to adequately map and understand business processes, the e-mail in which the invoice is sent must also be archived in its entirety.

What does audit-proof archiving mean?

The GDPR (General Data Protection Regulation) has been in place since May 2018. It is valid throughout Europe and contains numerous requirements for data handling on a transparent basis. The E-mail Archiving GDPR provides for the obligation to provide information about personal stored data.
The legal GoBD requirements for mail archiving determine more complex solutions than, for example, archiving outlook mails via file storage on the hard drive. Even a printout of the mail in paper form does not comply with the guidelines. The key is archiving, which guarantees that the e-mails cannot be changed and are stored in their original state. One option here, for example, would be a solution in the form of a cloud archive system that allows both the management of documents and the accounting guidelines. The legislator does not define uniform requirements for the place of archiving, but it does define requirements for the way in which it is stored.

The data must therefore be:
– complete,
– available at any time,
– protected from manipulation and
– be machine-evaluable.

What needs to be archived?

When archiving electronic data, the laws on the retention of tax-relevant documents and the principles of proper accounting are relevant for companies. In principle, all books and records that are important for taxation must be archived. This includes, for example, all annual financial statements, consisting of balance sheets and profit and loss accounts, received and sent commercial and business letters, management reports and accounting documents. All stored documents are subject to tax and commercial retention periods.

Retention periods for documents

The aforementioned retention periods for all archivable documents are usually ten years. On the other hand, offers with order processes, consignment notes and delivery notes as well as payslips for intermediate, final and special figures only have to be archived for six years.

Why is document security so important?

When documents and emails are at the heart of all related business processes, it is especially important to protect them from loss, theft and destruction. Many companies break the law when archiving data and documents, resulting in data loss, security leaks, and lawsuits.
Companies can avoid most of these problems – as long as they implement strict security standards, meet the legal requirements for archiving and, perhaps most importantly, ensure the security of their documents with the help of professional archiving.

Some myths at the end

Some myths persist when it takes a look at the variety of e-mail archiving policies. Enlightenment is essential here in order to avoid mistakes and to prevent long-term misunderstandings.

The e-mail server is sufficient to archive e-mail

This assumption is wrong. The server does not store permanently, does not provide any forgery security and does not protect against tampering.

A backup replaces e-mail archiving

That is not the case. A back-up is performed at specific times and contains the content that exists at the time. It is not legally secure because it does not collect content that is subsequently modified or even deleted. A back-up is just a useful addition to archiving.

Every company must encrypt its mail archive

No, it doesn’t have to. Encryption is certainly useful to protect sensitive data, but lawmakers do not require an encrypted form of e-mail storage.

Without exception, every e-mail must be archived

That would be useless and unhelpful. All mails that involve business processes and customer contacts must be archived. Spam, promotional emails and newsletters are not included. If they pass through the most common spam filter, they may be deleted without any problems.

E-mail archiving solutions must be GoBD certified

This is not necessary. There are a large number of solutions from a wide range of vendors, each of which is suitable for legally secure archiving. The legislator does not provide for any special certification for this purpose.