Stay informed

It is important that you are well aware of the legal obligations with regard to retention periods. Is there such information in your inbox? Then create an archive and actively check when the retention periods have expired. For all other matters that do not fall under a legal obligation, make sure that you do not keep them for longer than necessary.

How long can you keep an email?

This is not stated in the AVG. It is up to the organizations themselves to determine how long they keep personal data (related to e-mails) and how they do this. This involves looking at how long the data is needed for the purpose for which it was collected or used. Now it gets a bit more concrete. Some e-mails must be kept for a certain period, for example under the tax retention obligation of 7 years. For other e-mail messages it can be useful to be able to fall back on them for a while, so that you know, for example, what has been agreed with a customer. You can delete some e-mails immediately, such as private messages that you send with your work e-mail.

An email archive

You can keep messages in an email archive, but eventually they will have to be deleted, for example when the retention period has expired or the data is no longer necessary. Organizations are then expected to destroy the data. If possible, set a deletion date. Security is also an important factor. Sometimes it can be wise to encrypt email messages, especially when it comes to important data.

A policy is important

Do employees already know how long data can be kept? It is important that there is a policy within the organization with clear agreements. Which data may be kept? When an e-mail arrives, you categorize it immediately. If necessary, move it to an archive. The deadlines must be carefully monitored.

Who does the GDPR apply to?

The AVG is better known by the English abbreviation GDPR, which stands for General Data Protection Regulation. This new European Privacy Regulation applies to any organization that deals with personal data in one way or another. Only use for 'personal or household activity', such as the telephone numbers in your private telephone, is excluded. The GDPR therefore applies to both large corporate companies and freelancers, to the local sports association and the charity foundation and everything in between.

Stricter requirements for the privacy statement

It is important that the data subject (the person to whom the personal data relates) knows what happens to his/her data. In addition, the person must be informed about his/her rights, such as the right to complain to the supervisory authority (the Dutch Data Protection Authority) and the right of access. In practical terms, this means that every organization will have to update the privacy statement.