Interesting facts about e-mail archiving
E-mail is at the heart of business communication. There is hardly a document that is not sent by e-mail. The exchange of relevant business data between customers and companies has to be legally required since 2017. The e-mail archiving required here does not only refer to the e-mails themselves, but also to all file attachments that are sent with them.
Reasons for e-mail archiving
Time and again, the assumption is that the only purpose of complying with the legal obligation to archive e-mail is the legal necessity. In addition to increased efforts and the associated workload for companies, the real benefits are not always seen. In fact, however, archiving makes a lot of sense and is also of considerable benefit to the company itself. In the event of legal disputes, complete documents are available which, if necessary, may have a demonstrable character. From an entrepreneurial point of view, archived e-mails offer protection and security against the loss of customer data and at the same time provide an overview of all relevant processes that are always available.
A company’s IT department also benefits from a mail archive. Administrative processes in the background are automated according to fixed rules and do not affect the workflows of the employees.
Target group for the obligation to archive
There is often a presumption that all persons who issue invoices are also obliged to archive e-mails. This is not the case. Accounting and tax requirements require compliance with corporate guidelines. There is a legal obligation to archive all business e-mails that are sent by a company or sent to the company. The size of the company does not matter. Small businesses are as much subject to archiving as large corporations.
So-called non-merchants, such as freelancers and small business owners, do not have to archive their business e-mails. The basis for the obligation to archive can be found in the German Commercial Code (HGB), the Tax Regulations (AO) and the GoBD.
Definition E Mail Archiving Small Business
The E-mail Archiving Act 2017 is binding on companies and defines the legal deadline for retaining e-mails. The associated mandatory long-term archiving of digital business documents is part of proper accounting. The requirements for legally secure email archiving are justified in the GoBD. These shall indicate the principles that reflect the proper handling of electronic records, books and documents, as well as their access to the data.
The removal of business documents that are transferred via e-mail is required for a period of six to ten years. This e-mail archiving obligation covers all correspondence that takes place in the business sector, starting with non-binding offers, through the confirmation of orders to the final invoicing. If required, e-mail archiving Allows GoBD software to provide a convenient solution that particularly benefits small and medium-sized enterprises. The corresponding audit-proof e-mail archiving is made possible as an automated process.
Private mail at work
Archiving mails can be problematic in relation to purely private correspondence. On the one hand, the employer must maintain a mail archive that fully records the complete business e-mail correspondence. On the other hand, there is the protection of the privacy of the respective employees. As a result, saving private e-mails is not permitted, as is the deletion or reading of such e-mails.
A company essentially has two ways to deal with private mail in the work context. It may expressly and completely prohibit the use of corporate e-mail accounts for private purposes. Another option is to avoid automatic mail archiving. This means that employees must automatically transfer official e-mails from their accounts to the archive, thus separating incoming private and professional e-mails. In the regular day-to-day life of a company, the prohibition of private e-mail correspondence has been the rule since 2017. The solution with the independent separation of the mails by the employees would be associated with a high degree of uncertainty for the company.
X-invoice and e-mail archiving
Those who deal with the archiving of e-mails are usually also concerned with the legally secure handling of electronic invoices. While the classic PDF invoice is still widely used in companies, from November 2020 the legal obligation for electronic invoicing in the form of x-invoicing will be in place. In the case of PDF format, there is no legal certainty within the meaning of the underlying EU directive. The XInvoice is a standard here, which offers the option of further processing of relevant invoice data. The X-invoice enables a federally uniform form of electronic invoice, which can be sent by e-mail.
However, archiving the invoice alone is not sufficient. In order to be able to adequately map and understand business processes, the e-mail in which the invoice is sent must also be archived in its entirety.
Legally secure archiving
The GDPR (General Data Protection Regulation) has been in place since May 2018. It is valid throughout Europe and contains numerous requirements for data handling on a transparent basis. The E-mail Archiving GDPR provides for the obligation to provide information about personal stored data.
The legal GoBD requirements for mail archiving determine more complex solutions than, for example, archiving outlook mails via file storage on the hard drive. Even a printout of the mail in paper form does not comply with the guidelines. The key is archiving, which guarantees that the e-mails cannot be changed and are stored in their original state. One option here, for example, would be a solution in the form of a cloud archive system that allows both the management of documents and the accounting guidelines. The legislator does not define uniform requirements for the place of archiving, but it does define requirements for the way in which it is stored.
The data must therefore be
– available at any time,
– protected from manipulation and
– be machine-evaluable.
Some myths at the end
Some myths persist when it takes a look at the variety of e-mail archiving policies. Enlightenment is essential here in order to avoid mistakes and to prevent long-term misunderstandings.
1) The e-mail server is sufficient for archiving e-mails.
This assumption is wrong. The server does not store permanently, does not provide any forgery security and does not protect against tampering.
2) A back-up replaces e-mail archiving.
That is not the case. A back-up is performed at specific times and contains the content that exists at the time. It is not legally secure because it does not collect content that is subsequently modified or even deleted. A back-up is just a useful addition to archiving.
3) Each company must encrypt its mail archive.
No, it doesn’t have to. Encryption is certainly useful to protect sensitive data, but lawmakers do not require an encrypted form of e-mail storage.
4) Without exception, every e-mail must be archived.
That would be useless and unhelpful. All mails that involve business processes and customer contacts must be archived. Spam, promotional emails and newsletters are not included. If they pass through the most common spam filter, they may be deleted without any problems.
5) E-mail archiving solutions must be GoBD certified.
This is not necessary. There are a large number of solutions from a wide range of vendors, each of which is suitable for legally secure archiving. The legislator does not provide for any special certification for this purpose.