GoBS legally secure e-mail storage obligatory

Legally compliant e-mail storage according to GoBD

On January 1, 2017, the "Principles for the proper keeping and storage of books, records and documents in electronic form and for data access" (GoBD) will finally come into force. This also includes the regulations for the legally compliant storage of e-mails and e-mail attachments, for which there will no longer be any exceptions as of the cut-off date. The GoBD replaces all other regulations of the Federal Ministry of Finance (BMF) that previously applied to the retention of business documents. In detail, these are the "Principles of data access and verifiability of digital documents" (GDPdU) and the "Principles of orderly IT-supported accounting systems" (GoBS).

With the publication of the GoBD on November 14, 2014, the BMF took into account above all the fact that electronic data exchange, paperless accounting and digitally stored documentation of all relevant business transactions is commonplace in the day-to-day business of companies of all sizes, and that the scope of this will continue to grow in the future. In this context, e-mails represent a special case for which a number of points must be observed in order to meet the requirements of the GoBD.

Principles of e-mail storage and archiving

You do not have to archive a pure Christmas or birthday greeting to one or more business partners. As soon as a E-mail However, if a document takes on the function of a business letter or a receipt, it must be stored in accordance with the usual retention periods like other documents. The same applies to all attachments with fiscal relevance, i.e. invoices, offers, etc. If the text of the e-mail only serves as an accompanying letter with which an invoice, offer or delivery note is sent, it can be deleted. This can be compared to an envelope that is thrown into the trash after the contents have been removed. In this case, only the attachment is archived, but all the mandatory information for a (sales) tax assessment must be recorded on it.

Constant availability and machine evaluation required

All e-mails that are subject to the archiving obligation must, just like all other electronically generated records and documents including attachments, be available for examination at any time and must be completely protected against manipulation by third parties. You must also ensure that the archived emails can be evaluated automatically. According to GoBD regulations, it is not sufficient to simply print out the documents and store them in paper form. If you use an encryption method for archiving your e-mails, you are also obliged to allow unencrypted access in case of a possible tax audit. This ensures that the documents can be checked via full text search and evaluated automatically.

Time limits for e-mail storage

The retention period is six to ten years, depending on the tax relevance and type of e-mail. The period always begins at the end of the calendar year in which the e-mail was created. This means that you must archive a letter dated January 2 for almost seven or eleven years, as the period does not begin until the next January 1. For all companies and tradespeople, these GoBD regulations represent an effort that should not be underestimated, as all invoices, commercial letters, offers, delivery notes, etc. must be stored in accordance with the GoBD and made available on call at any time. Sufficient resources must be provided for this purpose.

The handling of private e-mails

Some companies allow their employees to use the company's own mail server or provider for private e-mail. In this context, the question arises as to how private messages are handled in terms of storage. Employees can agree to have their e-mails archived by means of a corresponding paragraph in their employment contract or an internal company agreement. However, there may be problems with data protection here, as the privacy of external senders and recipients is also affected. For this reason, it is recommended that you ensure a strict separation of business and private e-mails or generally prohibit private correspondence via your servers.

Software solution or manual work?

A freelancer or a very small company may still be able to handle the tasks of e-mail storage "by hand". From a certain company size on Costs and effort are no longer in a reasonable relation to the benefit. In this case, only a good and secure software solution that meets the criteria for legal certainty and allows machine evaluation and a full text search can help. Such software must fulfill at least the following five tasks. All incoming and outgoing e-mails must be completely captured and stored. It makes sense to do this before forwarding to the addressees. Furthermore, the archiving must be true to the original and without loss of information. Thirdly, secure protection against manipulation should be guaranteed. Access by simple users who do not have administrator rights must be prevented for the entire retention period so that no premature deletions occur. And last but not least, archiving software must enable seamless access at any time in the event of an audit.

If you approach and fulfil all the points mentioned correctly, you will - as far as e-mail storage is concerned - not have any problems with the tax office.

Display:
Save your eMails legally binding in the Data.cloud with additional backups. Searchable at any time with web, windows or outlook client. Simple and affordable. Back up any mailbox - provider independent. For more information, please visit the following page: Data.cloud offer description

Current articles