Legally secure e-mail storage according to GoBD
On the 1. January 2017, the "Principles for the Proper Management and Retention of Books, Records and Records in Electronic Form and for Access to Data" (GoBD) will finally enter into force. This also includes the regulations for the legally compliant storage of e-mails and e-mail attachments, for which there are no longer any exceptions from the key date. The GoBD replaces all other provisions of the Federal Ministry of Finance (BMF), which were previously for the storage of business records. These are in detail the "Principles for data access and verifiability of digital documents" (GDPdU) as well as the "Principles of proper computer-aided accounting systems" (GoBS).
With the release of GoBD on 14. In November 2014, the BMF mainly took into account the fact that electronic data interchange, paperless bookkeeping and digitally stored documentation of all relevant business transactions is common in today's business environment of companies of all sizes and their scope will continue to grow in the future. E-mails are a special case in this context, and there are a few things to consider in order to comply with GoBD requirements.
Principles of e-mail storage and archiving
You do not need to archive a pure Christmas or birthday greeting to one or more business partners. However, as soon as an e-mail takes on the function of a business letter or a receipt, it must be stored in the same way as other documents according to the usual retention periods. The same applies to all attachments with tax relevance, ie invoices, offers, etc. If the text of the e-mail is only used as a cover letter with which an invoice, an offer or a delivery note is sent, it can be deleted. This can be compared to a letter envelope that is thrown into the wastepaper basket after the content has been removed. In this case, only the attachment is archived, but on which all mandatory information for a (sales) tax assessment must be recorded.
Constant availability and machine evaluation required
All e-mails subject to the filing obligation must, just like all other electronically generated documents and documents, including annexes, be available for review at all times, fully protected against tampering by third parties. You also have to ensure that the archived emails can be evaluated by machine. It is not enough, according to the regulations of the GoBD, to just print the documents and keep them in hardcopy. If you use an encryption method for the archiving of your e-mails, you are also obliged to provide unencrypted access for any tax audit. This ensures that the documents can be checked by full-text search and evaluated by machine.
Deadlines for e-mail storage
The retention period is six to ten years, depending on the tax relevance and type of e-mail. The period always begins with the expiration of the calendar year in which the e-mail was created. That means you have a letter from 2. January almost seven or eleven years have to archive, because the period begins on the next 1. January. For all companies and traders, these regulations represent the GoBD a not to be underestimated effort, because all invoices, trade letters, offers, delivery notes, etc. are kept according to GoBD and make available at any time on call. For this, sufficient resources must be made available.
The handling of private e-mails
Some companies allow their employees to use the company's own mail server or private e-mail provider. In this context, the question arises how to handle private messages related to storage. Employees may agree with a corresponding paragraph in the employment contract or internal agreement that their emails be archived. However, there may be privacy issues here because the privacy of external senders and recipients is also affected. Therefore, it is recommended that you ensure a strict separation of business and private emails or prohibit private correspondence on your servers in general.
Software solution or manual work?
A freelancer or a very small company may still be able to handle the tasks of e-mail storage "by hand". However, from a certain size of business costs and effort are no longer in a reasonable relation to the benefit. In this case, basically only a good and secure software solution that meets the criteria for legal certainty and allows machine evaluation and a full-text search helps. Such a software must fulfill at least the following five tasks. All incoming and outgoing e-mails must be fully recorded and saved. This is useful before the forwarding to the addressees. Furthermore, the archiving must be true to the original and without loss of information. Third, secure protection against manipulation should be ensured. Access by basic users who do not have administrator privileges must be prevented throughout the retention period to prevent premature deletions. And last but not least, an archiving software must provide continuous and complete access in the event of a tax audit.
If you address and address all the issues correctly, you will not have any problems with the tax office as far as email storage is concerned.
Secure your emails legally binding in the data.Cloud with additional backups. Searchable anytime with web, windows or outlook client. Very easy and affordable. Secure each mailbox - provider independent. Further information can be found on the following page: Data.Cloud offer description