Products and Solutions
 EMA® Mail
 EMA® Cyber Defense
 EMA® Print
 EMA® Scan
 EMA® File
 EMA® Voice
EMA® for SAP Solutions
 SAP Metadata
 SAP Live Migration
 SAP Scan
 S/4 HANA Relief
ARTEC SMART Integration Tools
Firegate VPN
eDiscovery Solutions
Case Management
VSTOR® Vault
 Product Details
 Object Storage
ARTEC Cloud Solutions
 Cloud Models
 Managed Services
 Microsoft 365
Mailserver migration
Microsoft 365 tips
EMA® is Easy to Use
Data Formats
Protect Your Investment
Comprehensive Archiving
Storage Technology
Data Security Concept
Protection Against Cyber Attacks
Big Data - Knowledge is Power
Software Architecture
Single Sign-On
Folder Synchronization
User Access
Full-Text Search
Backup and Recovery
ANA Server
Trusted EMA®
Hot Standby
Digital Signatures
Attributes and Metadata
Department archives/Linking
Federated Search
Retroactive Archiving
WAN Synchronization
EMA® DeDup Server
EMA® App
Outlook extension
Good to Know
Legally Compliant Archiving
Protecting Personal Information
Why WORM Is No Solution
Problems with certifications
Stubbing - (Not) A Solution
Who Uses EMA®?
Why Bother with Archiving
Benefits of an Appliance
Dealing with private e-mails
Laws and Regulations
Overview of the Most Important Regulations
General Data Protection Regulation (DSGVO)
Right to be "forgotten"
Events and Webinars
Press Releases
Press Review
Partner Program
Partner Portal
ARTEC Promotional Program
ARTEC Expert Network
Services & Support
Consulting Services
Technical Consulting
Software Development
Software Subscription & Warranty
Product Support
Company History
Green responsibility
Where to Find Us
Job Openings
Terms and Conditions
Protected Trademarks and Patents
Information for Investors
Privacy Policy
Corporate Information

Handling private e-mails in the company - data protection and compliance requirements in EMA®

As soon as the sending of private e-mails is permitted in a company, there is always an involuntary conflict between compliance requirements and the right to privacy - the right to be forgotten, the deletion of private e-mails. There must be the right to delete private emails and at the same time all business-related e-mails must be kept. Who ultimately decides what is private and what is not? How does a company deal with this issue?

In principle, it is advisable to exclude the use of private e-mails in the company. But rarely can you start on a greenfield site. So if private e-mails are allowed in a company or have been tolerated in the past, a concept must be developed on how access to such is protected. EMA as an e-mail and document archive offers many different options due to many years of experience with complicated requirements of a wide range of customers.

As a rule, private e-mails cannot be automatically recognized afterwards and marked (flagged) as such. However, if there is a rule that private correspondence is marked private by the user, it is possible to exclude these e-mails marked in this way from archiving as a matter of principle or to allow a right to delete privately marked emails for a limited period of time, e.g. 30 days. However, EMA can also be configured in such a way that an administrator can only edit private e-mails in a masked manner, but can neither open them nor see the subject. In order to circumvent this restriction, it would then again be necessary to have a 4-eye agreement with the works council.

EMA can generally follow any adopted rule here, but there must be a balancing of which requirement weighs more heavily. Erasure locks can be set up in a variety of ways, including optional case management for legal departments that need to quickly freeze large amounts of data.

In principle, there are the following more or less good ways to deal with private e-mails:

Filtering of e-mails marked as private

Filtering on subject [PRIVATE]

4-eyes principle for admin access, with works council

Access via admin restriction only to e-mails as of new company agreement

Works council may monitor and read EMA log

Employees may, for example, delete their mails in the archive for 30 days

Archive only by folder synchronization, after 30 days in which everyone can clean up and delete everything

Users may delete mails at any time

Users are allowed to set the "Private" attribute

In the end, however, there is always the question: Who monitors the monitors or who has the final say in the company? Ultimately, only each company can answer this question for itself. We are ready to advise you in finding the best solution.


You still have questions?
Please do not hesitate to contact us.

ARTEC IT Solutions GmbH
Phone: +49 (0) 6039 9154 - 0

ARTEC IT Solutions Asia Pacific
Phone: +82-2-515-3349

ARTEC IT Solutions USA, LP
Tel: +1-855-GOARTEC
Tel: +1-855-462-7832