EU GDPR

The Archive supports compliance with GDPR by providing a comprehensive solution for data retention and deletion. We retain all emails by default, and administrators can set policies to determine how long they want to keep them. In contrast with manual or user controlled archiving this eliminates the risk of user error, ensuring that customers can retain and delete emails according to GDPR requirements across all mailboxes.

The Archive also supports audited deletion, which is a requirement of GDPR. This means that customers can prove that all emails have been deleted when they are requested to do so, for instance during a Subject Access Request (SAR). In addition, the Archive provides a seamless process for deletion by removing emails from all user mailboxes when they are deleted from the archive.

Article 5 states:

“1. Personal data shall be:

(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’)”

(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

Article 17 states:

"1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay(...)"