As soon as a significant portion of your business procedures involve computers, or you even store private personnel or customer information, you are no longer operating in a legal vacuum. There are now many laws and regulations on data protection, archiving and recall for auditing purposes. Even your bank may ask for your data security strategy as part of its loan application process holding your management responsible in case of negligence.
Data security is a management task.
It is recommended to charge a person or team with the responsibility for IT security and legal compliance.
Data protection
Any business with more than 4 employees who are entrusted with the collection, processing or use of private information is obliged by law to appoint a privacy/data protection officer. Employees who are entrusted with customer data, are processing credit card payments or are using a personal email account are part of this group. The company should consider whether to appoint internal or external privacy/data protection officers.
Archiving
We will only refer to the legal aspects here, not the potential financial losses and damaged reputation you may incur through data loss. For external audits, companies are obliged to archive financial data for up to 10 years. In compliance with the GDPdU (principles of data access and verifiability of digital documents), archived original data must be complete, correct and easy to analyze. (-> GDPdU-interface)
The applicable law also requires companies to archive original emails related to accounting or product and company liability, or where industry-specific regulations require it.
How, by the way, do you archive your emails?
Please contact us if you have any questions regarding these topics.