Email Archiving in the Home Office

84 percent of the companies surveyed by the ifo Institute in Munich plan to integrate remote working into their work culture in the long term. To achieve this, all processes associated with remote working should function smoothly. This also means that all documents and resources must also be available to employees working from home. Email archiving plays a crucial role here. This is because the correct archiving of electronic messages not only ensures compliance with legal regulations, but also protects against data loss and improves the traceability of business processes. In addition, efficiency within the company can be increased by facilitating the search and recovery of emails.

The communication tools within the company play a key role here. Although email remains the most important means of communication in the business environment, video conferencing and instant messaging services are also popular, especially for urgent requests. Nevertheless, companies must ensure that all communication channels comply with legal requirements and are used securely.

Business communication needs clear guidelines

However, caution is required here, especially for employees. Certain content should only be sent via the appropriate channel in accordance with legal requirements. Companies are legally obliged to store documents relevant to tax and commercial law – including in electronic form – in full and in an accessible format for a prescribed period of time. In Germany, the GoBD (principles for the proper keeping and storage of books, records and documents in electronic form and for data access) regulate the requirements to be observed. These include ensuring that archived data cannot be changed, is traceable and is complete.

Messages via instant messaging services do not meet these requirements as they are not tamper-proof or audit-proof. Companies should therefore clearly define which information their employees are allowed to exchange via which channels. As a rule, business-related correspondence should only be conducted via email. Private matters, on the other hand, should not be conducted via the company account, as companies often archive all incoming and outgoing emails as part of the so-called journal archiving process. If private emails end up in the archive, the company may come into conflict with data protection regulations, as personal information may not be processed and stored without a legal basis. However, companies can regulate the private use of company accounts with the help of internal IT guidelines or company agreements.

Ensure secure archive access

Archived emails need to be accessed from time to time, for example to restore data or to delete a customer’s personal information on request (Art. 17 EU GDPR). Employees working from home should therefore also have access to the archive. However, there is a problem here: in the office, the archive can be accessed directly via the company network. However, if access is requested from an external network, this is usually rejected for security reasons. There are two ways in which companies can circumvent this problem.

A virtual private network (VPN) establishes a secure, encrypted connection between the external PC in the home office and the local company network. This allows employees to access the archive from home, for example – as if they were on site. The second method is port forwarding. This involves forwarding the required server ports in the router or gateway, whereupon the requests to the company’s public IP address are automatically forwarded to the internal server. This also enables secure access to the archive.

Philipp Inger

is Lead Brand Content Writer at MailStore.