Latest release: GFI LanGuard – Now with the NEW web based reporting UI and greatly increased scalability for larger networks Learn more

GDPdU certification

Email is a central component of doing business, with entire transactions conducted via email exchanges. Emails often serve as business letters and so-called "commercial letters" and are also significant for taxation; therefore specific requirements regarding the processing and retention of corporate emails are being imposed.

The German Tax Code controls the requirements for tax-relevant emails. Pursuant to the Tax Code, tax-relevant emails must be retained for either six or 10 years. In addition, a detailed statutory regulatory requirement on data access of the German fiscal authority called GDPdU (broadly translated as "Generally Accepted Principles of Data Access and Auditability of Digital Documents") has been in effect in Germany for several years. According to this regulation, all emails with tax-relevant content are to be electronically retained for the duration of the statutory retention period and must be made available on request of the fiscal authorities.

As part of this, organizations must satisfy specific requirements regarding nature, format and process-ability of electronically retained emails. Arbitrary storage of emails in employees' individual mailboxes or a printout of tax-relevant emails are insufficient. Companies that have not adjusted their financial accounting to the new statutory requirements of GDPdU may be subject to substantial sanctions in their next tax audit. Exceptionally severe violations may result in an estimation of the tax basis as well as penalty payments and a fine on arrears that can amount to EUR 250,000.

Electronic archiving systems offer a compliance solution to the high demands of email retention regulations. Naturally, a technical solution alone does not lead to compliance: Compliance with retention requirements can only be achieved through a sound technical solution in combination with coordinated procedures and processes.

A valid technical solution is GFI Archiver for Exchange™, a tried and tested email archiving software product with thousands of customers. GFI Archiver 2011 has recently been GDPdU-certified by the law firm and IT specialist PRW, Munich, Germany and is also certified for use with SQL Express and NTFS as the archive store. This is great news for small and medium-sized enterprises, which may find SQL Server too expensive and unnecessary for their email storage needs. Thanks to its support for SQL Express and its automatic database creation feature, GFI Archiver is both cost-effective and quick to set up and configure.