The new EU General Data Protection Regulation (GDPR) has focused attention on how company e-mails should be processed to achieve GDPR compliance, especially those containing personal data relating to customers, suppliers and employees.
Nowadays e-mail is a fundamental tool for any productive activity; no company can disregard this important means of communication. Precisely for this reason, companies are required to make numerous (or minimal, for the most virtuous and provident companies) changes to their current e-mail retention policies.
From a practical point of view, beyond the obligations imposed by the GDPR, there are many reasons to update e-mail retention policies. Some examples, among the thousands possible, are managing the cost of storage and the performance of the entire business management system.
Below is a 5-point checklist to avoid making mistakes:
1. Define precise rules for managing corporate e-mails and remember to justify them; not everyone knows what to do about GDPR compliance
Why do you suddenly want to have a systematic approach to the way you manage e-mails within the company? How is this happening? Does your company adopt automatic processes or manual procedures? What is the current plan? From when? What is saved and what is not?
2. Remember to distinguish between private and business e-mails
Perhaps your corporate e-mail system does not even provide for private e-mails. If it does, you have to be very careful. Specific procedures are required for the management of private e-mails. And no matter what, you need to inform your employees.
3. Define who can access a corporate e-mail, in addition to the sender and recipient
A shared e-mail archive offers many advantages. However, allowing everyone to access any e-mail in the company is inconvenient for the people involved, as well as being illegal. E-mails potentially contain personal data and, for GDPR compliance, it is good to limit access to a restricted circle of users who need to know the contents.
4. Describe how company e-mails are handled when people leave your company
A company mailbox cannot be left unattended when an employee, for example, leaves the company. What happens to the emails stored in the mailbox? And to the new messages? Describe in detail how information is handled in cases like this.
5. Make the e-mail policy an integral part of your business setup
All of the above must be made an integral part of your work setup, from your employees’ manual to your employment contracts. And don’t forget to communicate these updates to your employees, explaining the reasons.