The General Data Protection Regulation (GDPR) comes into force in less than 10 months on 25 May 2018. A failure to comply with this law could lead to fines of up to €20 million or 4% of global annual turnover (whichever is higher).

All organisations will need to review their email retention / deletion policies as part of their GDPR compliance projects to ensure that they comply with GDPR’s data minimisation and storage limitation principles.

Organisations may have thousands of emails containing personal data that are stored in live inboxes, as localised back-ups or as part of an historic email archives. Shepherd and Wedderburn can help you:

  • Assess what information your email database holds;
  • Identify and apply a legal basis to support appropriate processing;
  • Set parameters for the filtration, categorisation and deletion of emails;
  • Develop a clear retention / deletion policy.