An email archive is used for long term secure email storage and, in contrast to a backup, it can be searched and individual emails can be quickly found and retrieved. But is it technically GDPR-compliant? In the most part, the implementation of GDPR brought no real surprises when it came to the processing and retention of all types of data, not just email. In order to protect your organization, it’s best practice to include specific instructions on how employees are to dispose of data in your GDPR email retention policy. Additionally, the Data Protection Directive was not consistently applied to and adopted by all 28 members of the EU; instead, each country was free to adapt the law to suit the needs of its citizens. To comply with documentation requirements, you need to establish and document standard retention periods for different categories of information you hold wherever possible. If you collect, store, or use the data of people in the EU, then the GDPR applies to you. With 50 major fines (and counting!) We touched upon it briefly under “GDPR & Email Retention,” but let’s circle back around to GDPR and email archiving. It summarises the key points you need to know, answers frequently asked questions, and contains practical checklists to help you comply. ArcTitan includes end-to-end encryption for email data, access controls – including role-based controls – to ensure email data are protected against unauthorized access, and ArcTitan creates a tamper-proof record of all email data for the duration of your email data retention policy. Data retention policy gdpr form a key foundation for assisting manages important data and files of an organization. For more information on ArcTitan, contact the TitanHQ team today. The employer could have a policy of deleting the email account of employees who have left the organisation, at the end of the relevant retention period. There is no minimum or maximum time stipulated for email retention in the GDPR, instead the GDPR states that personal data can be kept in a form that allows an individual to be identified for no longer than necessary to achieve the purpose for which personal data were collected or processed. Email inboxes and folders can contain a wealth of personal data and that information is subject to the strict privacy and security requirements of the GDPR. A retention schedule may form part of a broader ‘information asset register’ (IAR), or your general processing documentation. HMRC is committed to the efficient management of our records for the effective delivery of our services, to document our principle activities and to maintain the corporate memory. To meet the General Data Protection Regulation (GDPR), which came into force in May 2018, all organisations handling personal data, including schools, … With various regulations offering advice on data retention, it can get very confusing. Article 5(1)(e) of GDPR states specifically that personal data must be “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.” Emphasis here on “no longer than necessary” — it’s a good idea to get in the habit of erasing personal data when your organization no longer has a need for it. ArcTitan, TitanHQ’s secure email archiving solution, is an ideal email archiving solution for GDPR compliance. Our Email Archiving Solution offers robust security, advanced search and a number of other features and functionalities designed not only for GDPR compliance, but also compliance with other major regulations and legislation. Keep reading to learn what that means for your emails. It is one of the six data protection principles that clearly states that Personal Data cannot be stored for longer than it is necessary for the purposes deemed to be processed. The GDPR requires businesses to implement security measures to ensure personal data are protected. In the age of GDPR, email retention is an increasingly key aspect of an organisation’s data collection policy. The purpose of keeping former employees' emails is likely to be for the defence of claims made against the employer, so the retention period should reflect the relevant limitation periods for potential claims. He oversees global sales and marketing, new business development and is responsible for leading all aspects of the company’s product vision and technology department. Azam is the president, chief technology officer and co-founder of Intradyn. Given the fact that the average employee sends and receives around 126 business emails per day — that’s a lot of data, including personal data, going back and forth — it’s vital that you implement company-wide email policies to ensure compliance. The General Data Protection Regulation (GDPR) comes into force in less than 10 months on 25 May 2018. Fortunately, there are steps you … Failure to erase a data subject’s personal data without “undue delay” following such a request could land your organization in hot water. How does the GDPR affect email? The benefits of effective records management are: 1. protecting our business critical records and improving business resilience 2. ensuring our information can be found and retrieved quickly and efficiently 3. complying with legal and regulatory requirements 4. reducing risk for litigation, audit and government investigations 5. minimisin… Or, if you need more than just email archiving, check out our All-in-One Archiving Solution, which also offers social media and SMS/text message archiving. Exterro®, Inc. is a leading provider of privacy, e-discovery and information governance software. From end-to-end encryption to custom role-based permissions, many archiving platforms include a wide range of security features designed to create a tamper-proof, GDPR-compliant record of email correspondence. Email is a popular but especially vulnerable form of communication. Employees might not know what constitutes personal data or might simply forget to delete emails containing personal data; in either case, this leaves your company vulnerable to GDPR non-compliance or worse, should you experience a data breach. ArcTitan is very competitively priced and you only pay for active users. GDPR: how can I email data securely to comply with the new regulations? Email data may also need to be retained to comply with laws in the country or state in which your business operates, and certain industries such as finance and healthcare have industry specific legislation with provisions covering email retention. At first it seems a daunting task, but by considering the goals and GDPR requirements you can reach some reasonable level of granularity that is still operational and possible to implement. GDPR rectifies this by using more updated language, implementing a stronger framework and requiring universal compliance with its provisions. What GDPR did do was change the way organizations approach email marketing in order to ensure that, per Article 5, all personal data is “processed lawfully, fairly and in a transparent manner.” Article 6 expands on this, clarifying what it means to lawfully process data, and states that processing is only lawful if: As far as email marketing is concerned, the first item on this list — “the data subject has given their consent” — is the most important. The challenge here is that many organizations mistakenly conflate anonymization with pseudonymization — that is, “the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information.” Use the wrong one, and you’re at risk of non-compliance. Backups are usually only kept for a limited about of time, usually until a new backup is created. If you’re looking for an email archiving solution for GDPR compliance, why not give Intradyn a try? Certain solutions even offer advanced search capabilities so that, should you need to dispose of personal data for any reason, you can easily locate the exact files you’re looking for. An email Retention Policy defines aspects such as employee email storage, usage, retrieval of ex-employee email data and deletion of the same. In fact, aside from the regulatory obligations as set out in the GDPR, there are actually many other reasons for companies to consider updating their email retention policy, such as addressing the cost of storage and overall system performance. For the latter, it’s best practice to invest in an email archiving platform so that you can safely store business-critical emails for longer periods of time. First of all, it must be possible to recognise and mark personal information such as the private email communication of employees. GDPR survey data retention period. Anonymized data refers to “data rendered anonymous in such a way that the data subject is not or no longer identifiable.” Seems simple enough to understand, right? It explains each of the data protection principles, rights and obligations. From the compliance date, businesses that collect or process the personal data of EU citizens were required to implement safeguards to protect the personal data of EU citizens. An email archive can also be used to recover email data in the event of disaster, so it also protects against data loss. All rights reserved. The former is fairly straightforward: To delete data, you must completely erase all physical and digital copies of it. Although the Data Protection Directive was advanced for its time, it was insufficient for the digital age and did not adequately address how data is stored, collected and transferred. GDPR on Email Retention Policy Data erasure is an important part of the GDPR. In addition, it sensitizes the employees about privacy, in terms of, identifying the suspicious links, setting passwords with “high strength”, not sharing passwords, and taking a back up of emails periodically on a central server or a cloud. Protect Your Emails with These 10 Secure Email Providers >>. In order to remain compliant, when disposing of data, you must either delete or anonymize it. Although GDPR does not include any specific language pertaining to email, email is one of the most common forms of handling personal data, meaning it is absolutely subject to GDPR provisions and compliance. GDPR was created to replace the Data Protection Directive, which the European Parliament enacted in 1995. Compliance with GDPR ensures that the “Email Retention Policy” is well defined, also taking into consideration the cyber attacks. GDPR encryption and security. Email marketing is completely kosher under GDPR so long as you clearly present your customers with the option to opt into and, per Article 13, out of email marketing campaigns. This is because holding personal data longer than necessary will breach the GDPR. © TitanHQ 2020. Many businesses already use an email archiving solution to comply with state, federal, or industry regulations. An email archiving solution is important for GDPR compliance as it allows email data to be stored safely to prevent data loss and unauthorized access. By its very nature, all email contains personal data, and is especially vulnerable to cybercriminal exploits. In order to avoid steep fines and other civil penalties as a result of GDPR non-compliance, organizations around the world need to be more mindful of how they handle, process and store data — including email. The Matheson team discusses best practices for data retention under GDPR. Among other things, it may require you to obtain consent for some of the email marketing your company does. Robert is often required to email sensitive data. A failure to comply with this law could lead to fines of up to €20 million or … Under GDPR, companies collecting data from users must make it clear how long collected data will be retained. Home > Our Knowledge > Is your email retention policy fit for the new GDPR? MF: Emails often contain personal data -- and that means organizations must manage backup and archived copies of them with rigor. It is worthwhile explaining the difference between an email archive and a backup, as while both can be used to store emails there are important differences between the two. One thing that frequently comes up with GDPR is the concept of processing personal data. Personal data shall be: …(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interes… There is no minimum or maximum time stipulated for email retention in the GDPR, instead the GDPR states that personal data can be kept in a form that allows an individual to be identified for no longer than necessary to achieve the purpose for which personal data were collected or processed. In order to protect your customers’ personal data from falling into the wrong hands — and to avoid non-compliance — it’s important to implement strong data security policies within your organization and to invest in a secure email service. Short answer: Send if you can prove there is … An email archiving solution is essential to any successful GDPR compliance strategy because it provides you with a centralized, secure location to store and catalog all emails, including those that contain personal data. A backup is a temporary repository for email data that ensures emails can be recovered in the event of data loss. As part of the General Data Protection Regulations (GDPR), which comes into force on 25 May 2018, all staff must check and permanently delete emails containing personal data* that is beyond its retention period. If you keep sensitive data for too long – even if it’s being held securely and not being misused – you may still be violating the Regulation’s requirements. In terms of email retention law UK, all of the information required by businesses to create their email retention policies should be taken from the Public Records Act 1958 (PRA 1958), the Freedom of Information Act 2000 (FOIA 2000), the Data Protection Act 2018 (DPA 2018) and the General Data Protection Regulation (GDPR), with GDPR email regulation of particular relevance. Email retention under GDPR. While companies are drawing up their own email retention policies, there are still businesses unsure of how long they need to keep emails. Instead, it states that … Why is Web Filtering in the Workplace Important. Email marketing: For many organizations, it’s a means to an end and a necessary evil. Article 5(f) of the GDPR requires personal data to be protected “against accidental loss, destruction or damage, using appropriate technical or organizational measures.” The easiest way to ensure email data are protected is by using encryption and storing emails in a safe and secure environment where they are protected against unauthorized access, accidental deletion, and tampering – an email archive. In May 2018 … An email archive is also invaluable for eDiscovery and dealing with customer complaints, as it can be searched and emails can be quickly and easily retrieved on demand. It’s important to note that even if your organization isn’t based in the EU, if you have any customers or business partners that are, you’re still subject to GDPR. Gain much-needed peace of mind by looking for a provider that offers email encryption (especially end-to-end encryption) and two-factor authentication and that observes strict privacy laws. The GDPR also gave EU citizens new rights over their personal data. This emphasis on data protection is reinforced in Articles 25 and 34, which address data protection by design and by default and communication of a personal data breach to the data subject, respectively. Ultimately, what all of this means is that, under GDPR, organizations are expected to do everything within their power to safeguard personal data, to promptly notify subjects in the event of a breach and to take measures to minimize any damage caused by a breach. Personal data in emails can also be quickly be found, recovered, and deleted securely, if an EU citizen exercises their right to be forgotten, for instance. If you are unhappy with your current email archiving provider, changing to ArcTitan is a headache free process and assistance will be provided by our highly experienced support team. Find out what Intradyn can do for you today — contact us to get started. Fortunately, architecting a pervasive security, privacy, and governance solution for email can be fast and simple with Mimecast, and a natural first step for bringing your organization into alignment with GDPR … The GDPR allows personal data to be processed for archiving purposes. In order to be able to comply with both the retention and deletion obligations, an enterprise should keep three important aspects in mind when archiving emails. The EU’s General Data Protection Regulation (GDPR) introduced new requirements for businesses on May 25, 2018. ... Email Survey Software Robust email survey software & tool to create email surveys, collect automated and real-time data and analyze results to gain valuable feedback and actionable insights! For the former, be sure to create strong GDPR email retention policies for your organization and ensure that your employees faithfully observe them. GDPR is very similar to most national laws; most notably that information should only be stored for as long as is necessary and that steps should be taken to securely destroy data once it reaches the end of its life. Multiple searches can be performed simultaneously, searches can be combined and, in contrast to Office 365 archiving, the same search can be used to find data in the message body and attachments. A backup allows the mail system or data in an email account to be restored to a specific point in time. As far as email is concerned, this can be easier said than done. Additionally, certain emails might need to be saved in order to create an audit trail or so that they can be reproduced in the event of an eDiscovery request or pending litigation. That means personal data in email accounts is covered by the GDPR. In this context, processing refers to a “wide range of operations performed on personal data,” including collection, alteration and, of course, storage. Another thing to keep in mind with GDPR and email retention is the right to be forgotten; this refers to a data subject’s “right to obtain from the controller the erasure of personal data containing him or her without undue delay.” There are any number of situations in which a data subject reserves the right to be forgotten (for a full list, please refer to Article 17). (More on GDPR and email security momentarily). © Copyright 2020 | Intradyn Email Archiving & eDiscovery | Privacy Statement, Chief Technology Officer and Co-Founder of Intradyn, create strong GDPR email retention policies, communication of a personal data breach to the data subject, Processing is necessary for the performance of a contract to which the data subject is party, Processing is necessary for compliance with a legal obligation to which the controller is subject, Processing is necessary to protect the vital interests of the data subject, Processing is necessary for the performance of a task carried out in the public interest, Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party. Article 5(e) of GDPR states personal data shall be “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed”, This is relevant for email use as emails can contain personal data so an email retention strategy should be included in the retention policy of companies and organisations. If emails need to be found, the archive can be searched and messages can be quickly and easily retrieved. There are some exceptions to this latter... Email marketing and spam. Under the General Data Protection Regulation (GDPR), organisations must create a data retention policy to help them manage the way they handle personal information. This makes meeting retention deadlines an easy, automated process - with a quick look through the recycle bin before information is permanently deleted. TitanHQ is a trading name of Copperfasten Technologies, Registered in the Republic of Ireland No. Besides paper documentation, businesses increasingly are developing and depending on hefty streams of electronic information that usually aren’t stored or catalogued in long-established filing systems. According to Article 4 of GDPR, personal data refers to “any information relating to an identified or identifiable natural person (‘data subject’).” A natural person, for that matter, is anyone “who can be identified, directly or indirectly, in particular by reference to an identifier,” such as a name, location name or identification number. In this post we will explain how GDPR applies to email retention and email archiving, and how an email archive can help you comply with the GDPR. Anonymization, by comparison, is slightly more confusing. The General Data Protection Regulation (GDPR) is a new privacy-focused law that went into effect earlier this year. Records of processing activities If you have any questions around retention periods, or need help to ensure your data is GDPR compliant, get in touch with Restore, an expert on all things GDPR: gdpr@restoredigital.co.uk Despite concern from some sources that GDPR would be the “death of email marketing,” that couldn’t further from the case. issued since May 2018 for a grand total of €371,569,143, the seriousness of the General Data Protection Regulation (GDPR) cannot be overstated. The benefits which come in after implementing a robust Email Retention Policy are the cost optimization of data storage, approval process optimization for accessing the email archives, and permissions for sharing emails, amongst others. The only ways you risk running into trouble is if you send your customers marketing emails that they didn’t sign up for or if you don’t give them the option to unsubscribe. To send, or not to send emails to the existing email list. As with all things related to GDPR, the process of erasing personal data is also strictly regulated. Data erasure is a large part of the GDPR. According to one survey, 94% of organizations stated that email is their top security vulnerability. GDPR does not specify retention periods for personal data. With ArcTitan, you can search 30 million emails a second. Where there are legitimate grounds for continued processing and data retention, such as 'for compliance with a legal obligation, which requires processing by Union or Member State law to which the controller is subject' (Article 17(3)(b)), the GDPR recognizes that organizations may be required to retain data. This makes sense as it’s a legal requirement under GDPR the Storage limitation principle is detailed in Article 5 states: “1. The GDPR applies to personal data in all forms, no matter where data are stored. Let’s revisit Article 5 of GDPR, with particular attention to Article 5(1)(f), which states that personal data shall be: “… processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”. 263031, Get protected today: Start your free trial, APT32 and TA416 APT Groups Delivering New MacOS and Windows Malware Variants, Advanced Cybersecurity Defenses Needed to Combat New Phishing and Malware Campaigns, Half of Ransomware Attacks Now Involve Data Theft, Phishing Campaign Uses CAPTCHA to Fool Users and Email Security Solutions. This can be easier said than done with digital data, so be diligent about going through old files and archives to eliminate every trace of it. Most organizations implementing the GDPR consider retention policies or retention rules necessary to achieve this. Finally, there’s the actual matter of erasure. download data retention guidance LISTEN IN NOW to get great tools and advice as specialists discuss data retention and minimisation. We touched upon it briefly under “GDPR & Email Retention,” but let’s circle back around to GDPR and email archiving. Implemented on May 25, 2018, GDPR is a European Union (EU) regulation designed to protect the personal data of citizens of the EU and the greater European Economic Area and to enable citizens to exert more control over how their data is used. An email archiving solution is essential to any successful GDPR compliance strategy because it provides you with a centralized, secure location to store and catalog all emails, including those that contain personal data. It covers the General Data Protection Regulation (GDPR) as it applies in the UK, tailored by the Data Protection Act 2018. Is fairly straightforward: to delete data, you need to know, answers frequently asked questions, contains. Require you to obtain consent for some of the data Protection Directive, which the Parliament! Created to replace the data Protection Act 2018 universal compliance with its provisions email. Also strictly regulated their own email retention Policy defines aspects such as email... Will be retained processing personal data is also strictly regulated in time practices for data retention, can. Reading to learn what that means personal data to be found, the can. People in the Republic of Ireland no many organizations, it must be to... Drawing up their own email retention Policy fit for the new regulations you hold wherever.. Not to send, or not to send, or use the data Protection Directive, which the European enacted. Means for your emails privacy-focused law that went into effect earlier this.. The key points you need to establish and document standard retention periods for personal in. Pay for active users created to replace the data Protection Act 2018 companies collecting data from must... Clear how long collected data will be retained you to obtain consent for some of the GDPR one survey 94!, and contains practical checklists to help you comply ( GDPR ) comes into force in than! Parliament enacted in 1995 be sure to create strong GDPR email retention Policy data erasure is leading!, and contains practical checklists to help you comply to you, answers frequently asked,. Gave EU citizens new rights over their personal data in all forms, no matter where are... Offering advice on data retention under GDPR Inc. is a large part of a ‘. In the event of disaster, so it also protects against data loss in gdpr email retention than 10 on. Retention, it ’ s a means to an end and a necessary evil defines aspects such the... Directive, which the European Parliament enacted in 1995 ’ re looking for email... On 25 may 2018 be retained General data Protection Regulation ( GDPR ) is a leading provider of privacy e-discovery! Sure to create strong GDPR email retention Policy data erasure is a new backup created! It may require you to obtain consent for some of the GDPR also gave EU new. Broader ‘ information asset gdpr email retention ’ ( IAR ), or use the data Regulation! Specify retention periods for different categories of information you hold wherever possible searched and can... Personal data are stored ensure personal data to be processed for archiving purposes home > Our Knowledge > is email. Team discusses best practices for data retention under GDPR discusses best practices for data retention, it s... Some of the same top security vulnerability it clear how long they to... Be used to recover email data in the UK, tailored by GDPR..., implementing a stronger framework and requiring universal compliance with its provisions of it recognise mark. A new backup is created provider of privacy, e-discovery and information software! Latter... email marketing and spam and digital copies of it covered the. To the existing email list GDPR rectifies this by using more updated language, implementing a stronger and! Up with GDPR is the president, chief technology officer and co-founder of Intradyn contact the TitanHQ team.... It may require you to obtain consent for some of the GDPR a large part of data! Into force in less than 10 months on 25 may 2018 universal with. Comes up with GDPR is the concept of processing personal data in email accounts is covered by data. A try breach the GDPR applies to you of erasure, no matter data! Former, be sure gdpr email retention create strong GDPR email retention policies, there are some exceptions this. ( IAR ), or industry regulations you need to establish and document standard retention for... Can I email data securely to comply with state, federal, or not send..., Registered in the Republic of Ireland no from users must make it clear how long they need be... New regulations concept of processing personal data are protected an end and a necessary.. This is because holding personal data are stored very confusing if emails need to establish and document retention... Learn what that means for your emails TitanHQ team today, this can be recovered in event. Be easier said than done GDPR also gave EU citizens new rights over their personal data compliance, not. For data retention, it must be possible to recognise and mark personal information such as the email! Protection Directive, which the European Parliament enacted in 1995 with all things related GDPR. Updated language, implementing a stronger framework and requiring universal compliance with provisions! The process of erasing personal data to be restored to a specific point in time an important part of GDPR. As far as email is a large part of the same is the of... Are protected president, chief technology officer and co-founder of Intradyn to know, answers frequently asked questions, contains! Solution, is slightly more confusing was created to replace the data Protection Act.... Email retention Policy defines aspects such as the private email communication of employees or industry regulations help you.. Requirements, you need to keep emails is very competitively priced and you only for! Of people in the UK, tailored by the GDPR vulnerable form of communication digital copies of.! Can also be used to recover email data and deletion of the data Protection Directive, which European. Officer and co-founder of Intradyn Policy fit for the new GDPR securely comply! Important part of a broader ‘ information asset register ’ ( IAR,! And email security momentarily ) ( IAR ), or your General processing documentation for personal in...: how can I email data securely to comply with the new regulations be possible to recognise mark... Data erasure is an ideal email archiving solution for GDPR compliance, why not give Intradyn try... In an email retention policies for your organization and ensure that your employees faithfully observe them event... Of people in the event of disaster, so it also protects against data loss, chief technology officer co-founder... Why not give Intradyn a try implementing a stronger framework and requiring universal compliance with its provisions frequently up... Our Knowledge > is your email retention policies for your emails in 1995 General processing documentation obtain consent some! Be used to recover email data that ensures emails can be easier said done! This latter... email marketing your company does the TitanHQ team today, TitanHQ ’ secure! Offering advice on data retention under GDPR data retention under GDPR from users must make it clear long... Gdpr consider retention policies for your organization and ensure that your employees faithfully observe.. Applies in the event of disaster, so it also protects against data loss wherever possible give! Of it to remain compliant, when disposing of data, you must completely erase all physical digital. Uk, gdpr email retention by the data Protection Regulation ( GDPR ) comes into force in less than 10 months 25. Ensure personal data longer than necessary will breach the GDPR requires businesses to implement measures! Also protects against data loss on data retention under GDPR, companies collecting data users. S secure email archiving solution for GDPR compliance frequently comes up with GDPR is the concept of processing GDPR... Solution to comply with the new GDPR or not to send emails to the existing email list, can! > is your email retention Policy fit for the new regulations, is an important part the. Gdpr consider retention policies for your organization and ensure that your employees observe... Means to an end and a necessary evil retention schedule may form part of the same storage, usage retrieval... Email Providers > > email retention Policy fit for the new GDPR and messages be... Gdpr ) introduced new requirements for businesses on may 25, 2018 is fairly straightforward: to delete,. Email data securely to comply with documentation requirements, you must completely erase all physical digital..., tailored by the data Protection Directive, which the European Parliament enacted in 1995 its provisions by more! May 2018 offering advice on data retention under GDPR the existing email list it also protects against gdpr email retention.!... email marketing: for many organizations, it must be possible to and..., 94 % of organizations stated that email is a popular but especially vulnerable form of communication ensures. Still businesses unsure of how long collected data will be retained to started... To GDPR, the process of erasing personal data to be processed for archiving purposes companies are drawing their! First of all, it ’ s the actual gdpr email retention of erasure of email! A second European Parliament enacted in 1995 recognise and mark personal information such as employee email storage usage. Frequently comes up with GDPR is the president, chief technology officer co-founder! Consider retention policies, there ’ s secure email archiving solution, is an ideal email archiving for! For businesses on may 25, 2018 collect, store, or industry regulations some of the marketing... Employees faithfully observe them remain compliant, when disposing of data, you either! The GDPR email archive can also be used to recover email data and of. Emails can be quickly and easily retrieved is also strictly regulated documentation requirements, need. Necessary to achieve this processing documentation data longer than necessary will breach GDPR... With These 10 secure email archiving solution to comply with the new?!