E-mail archiving - More than just a duty for self-employed persons and companies
On our own behalf
In many companies, e-mail archiving is still a topic that receives too little attention. Yet e-mail has become the most important medium of communication: it is easy to use, easy to manage and in principle costs little or no money.
Archiving commercial e-mails is required by law, but it also contributes to data security and thus prevents data loss. E-mail archiving can also be useful in the event of a legal dispute, provided the e-mails have been stored in a change-proof manner.
Archiving can also relieve the mail server, because old e-mails can be deleted from it once they have been archived.
The Federal Ministry of Finance has regulated the requirements for IT-supported bookkeeping in the GoBD (Principles for the Proper Keeping and Retention of Books, Records and Documents in Electronic Form, as well as for Data Access) in order to create a uniform regulation and legal clarity for all companies.
The GoBD applies not only to companies that are required to keep accounts, but also to self-employed persons, freelancers and small businesses that are not required to keep accounts.
This means that anyone who sends or receives commercial e-mails is obliged to archive tax-relevant e-mails.
The managing director is responsible for compliance with the GoBD, even if such areas of responsibility have been outsourced to a tax consultant, a computer centre or other third parties.
Compliance with the GoBD is checked by the tax office and its auditors.
Which e-mails have to be backed up and which do not?
In order to meet the requirements of the GoBD, all documents relevant to tax law must be stored in a change-proof manner. This also applies to e-mails such as offers, invoices, order confirmations and commercial letters.
In addition, the statutory retention periods also apply to e-mails. Business documents in the form of e-mails must be stored for six to ten years.
It is not necessary to archive spam mails, newsletters and advertisements, unless a contract is concluded as a result of the advertisement.
Private e-mails must not be archived. This can be prevented by prohibiting the private use of company e-mail addresses. In return, employees can be permitted to use external services such as web.de, GMX or GMail for private mail.
Storing private e-mails without consent violates the Telecommunications Act.
Alternatively, the employee's permission to archive private e-mails can be obtained through a company agreement.
In addition, e-mails from and to a works council or a company doctor may not be archived, as these have an increased need for protection.
Isn't it enough to simply back up the e-mails?
No! A backup of the mail server or of the e-mails on the work computers is not sufficient archiving according to the GoBD principles. The e-mails in a backup are neither signed nor protected against manipulation, so a later change cannot be detected.
What are the requirements for legally compliant archiving?
The e-mails in the archive must meet the following requirements:
- Completeness
- Correctness (unchanged)
- Timeliness (time stamp)
- Unalterability (signature)
- Order (assignable to an e-mail address)
- Traceability
In addition, they must be retrievable and machine-readable at any time. If the e-mails in the archive are encrypted, they must be decrypted before they are output, and it must also be possible to export them in this form. It is important that not only the e-mail itself is archived, but also its metadata.
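To make these requirements concrete, here is an added example (not code from the original article or from any product it mentions) of how an archive can record an e-mail so that the properties above become checkable: each record keeps the header metadata, an ingestion time stamp, a hash of the raw message, a link to the previous record's seal (order and traceability) and a keyed HMAC over the whole record (unalterability). The sample message and the archive key are constructed for this example; the HMAC stands in for whatever qualified signature or WORM storage a real archiving product uses, and a real key would live in an HSM or key management service rather than in source.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone
from email import message_from_bytes
from email.policy import default
from typing import List, Optional

# Constructed sample message for this example (not from the article).
SAMPLE_MAIL = b"""From: sales@example.invalid
To: buyer@example.invalid
Date: Mon, 04 Mar 2024 09:15:00 +0100
Subject: Invoice 2024-0042
Message-ID: <inv-2024-0042@example.invalid>

Please find attached invoice 2024-0042. Payable within 14 days.
"""

# Hypothetical archive signing key, constructed for this example only.
ARCHIVE_KEY = b"example-archive-key-do-not-use-in-production"

ARCHIVED_HEADERS = ("From", "To", "Date", "Subject", "Message-ID")
GENESIS_SEAL = "0" * 64


def extract_metadata(raw: bytes) -> dict:
    """Pull the header fields that must be archived alongside the message itself."""
    msg = message_from_bytes(raw, policy=default)
    return {h.lower(): (str(msg[h]) if msg[h] is not None else None) for h in ARCHIVED_HEADERS}


def _canonical(record: dict) -> bytes:
    """Stable serialisation of everything except the seal, so the seal is reproducible."""
    return json.dumps({k: v for k, v in record.items() if k != "seal"}, sort_keys=True).encode()


def archive_message(store: List[dict], raw: bytes, key: bytes, now: Optional[str] = None) -> dict:
    """Append one message to the store as a hash-chained, HMAC-sealed record."""
    record = {
        "seq": len(store) + 1,                                   # order
        "archived_at": now or datetime.now(timezone.utc).isoformat(),  # time stamp
        "metadata": extract_metadata(raw),                       # header metadata
        "content_sha256": hashlib.sha256(raw).hexdigest(),       # correctness
        "prev_seal": store[-1]["seal"] if store else GENESIS_SEAL,  # traceability
        "raw_b64": base64.b64encode(raw).decode("ascii"),        # the message itself
    }
    record["seal"] = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    store.append(record)
    return record


def verify_store(store: List[dict], key: bytes) -> List[str]:
    """Return a list of detected problems; an empty list means the archive is intact."""
    problems = []
    prev_seal = GENESIS_SEAL
    for position, rec in enumerate(store, start=1):
        if rec["seq"] != position:
            problems.append(f"record {position}: sequence gap or reordering")
        if rec["prev_seal"] != prev_seal:
            problems.append(f"record {position}: chain broken")
        raw = base64.b64decode(rec["raw_b64"])
        if hashlib.sha256(raw).hexdigest() != rec["content_sha256"]:
            problems.append(f"record {position}: content changed")
        expected = hmac.new(key, _canonical(rec), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, rec["seal"]):
            problems.append(f"record {position}: seal invalid")
        prev_seal = rec["seal"]
    return problems


def export_message(store: List[dict], message_id: str) -> Optional[bytes]:
    """Retrieve the original, machine-readable message by its Message-ID."""
    for rec in store:
        if rec["metadata"]["message-id"] == message_id:
            return base64.b64decode(rec["raw_b64"])
    return None


if __name__ == "__main__":
    archive: List[dict] = []
    archive_message(archive, SAMPLE_MAIL, ARCHIVE_KEY)
    print("intact:", verify_store(archive, ARCHIVE_KEY) == [])
    archive[0]["metadata"]["subject"] = "Invoice 2024-0043"   # simulate a later edit
    print("after edit:", verify_store(archive, ARCHIVE_KEY))
```

A plain backup of the mailbox, by contrast, has none of these fields: an edited or deleted message simply looks like any other message, which is the point made in the article about backups not being sufficient.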
The solutions for e-mail archiving are diverse and range from software installed on the work computer to archiving servers in the cloud or in a VM to hardware appliances with hard disk RAIDs for data redundancy. What is suitable for a company depends not only on the size of the company or the number of employees, but also on how large the e-mail traffic is in the first place and how large the individual e-mails are. So if you want to buy an e-mail archiving solution, you should first analyse how large your e-mail volume is, so that the solution is neither too expensive nor too small after only three months.
Single-user software would be suitable for small companies and self-employed persons. The data can be stored locally or in the cloud, or transferred to other storage media. The use of a completely cloud-based solution is also conceivable. However, it should be ensured that the e-mails are only stored with secure encryption within the cloud.
The use of a VM solution or a separate archiving server is suitable for small to medium-sized companies. Depending on the e-mail volume, a cloud-based solution can also be considered.
For companies with high e-mail volumes and/or high security requirements or an existing infrastructure, the use of a VM solution based on an archiving server or even a special appliance is possible. Here, the data can then be redundantly backed up with the help of a RAID system to minimise the risk of data loss.
Many archiving solutions can be easily scaled based on the number of archived e-mail addresses. This also ensures that you only pay for as much as you need.
Note: This article does not constitute legal advice, but is intended to provide basic information. If you have any questions or problems, you should consult a legal expert.
Marcel Zimmer is the Technical Managing Director of EnBITCon. During his time in the German Armed Forces, the trained IT developer was able to gain numerous project experiences. His interest in IT security was significantly awakened by his service in command support. Even after his service, he is an active reservist in the Bundeswehr.
His first firewall was a Sophos UTM 120, which he had to set up for a customer project. Since then, his interest in IT security has grown steadily. In the course of time, various security and infrastructure topics have come into his focus. His most interesting projects included, for example, WLAN coverage in an explosion-proof area, as well as a multi-site WLAN solution for a large