GDPR – Meeting Compliance with Email Retention and Erasure Requirements


The EU’s General Data Protection Regulation (GDPR) has been in effect for several years now, but that hasn’t lessened the importance of ensuring your company is prepared to meet its compliance standards. To protect consumer privacy and data rights, any company that collects data on citizens in European Union countries must comply with EU GDPR. 

Here are a few key parts of the regulation you need to know. 

GDPR Key Requirements:

  • Data Custodianship

    All organizations should only keep data as long as it’s needed. Once it’s no longer needed, it must be anonymized or destroyed. 

  • Right to Erasure

    Users can request their personal data be deleted by an organization. 

  • Privacy by Design

    Data processing procedures should integrate security and privacy best practices as standard.

  • Breach Notification

    If a data breach occurs, it must be reported to the Supervisory Authority of the EU member states affected within 72 hours.

How Does Libraesva Help?

Libraesva’s email archiving and email security solutions help organizations meet GDPR requirements in a number of ways. These may vary slightly based on your deployment type. 

Libraesva’s on-premises deployment options for Email Security and Archver give you the software, security updates, and support services you need while allowing you to store data on your own infrastructure, without providing Libraesva access to it. 

Your appliance(s) will not provide us with any personal data; all emails and metadata will remain on your own appliance and within your own infrastructure. This means you’ll have full ownership over what information is stored, how long it’s stored, and who can access it. Libraesva can gain access to your appliance only through the “remote support” feature, as allowed by your team. 

If you choose to deploy via the cloud, your appliance is still private, and you own all the admin rights as with the on-prem deployment; however, Libraesva does become your data processor. As your processor, should there be any unauthorized access to any customer personal data that results in loss, disclosure, or alteration of that data, we will notify you without delay. 

All of Libraesva’s cloud infrastructure operators adhere to the CISPE code of conduct. Our private cloud model ensures you retain full control over your appliance. Libraesva’s team can only access data associated with your appliance for customer support, and incident management. Additionally, Libraesva’s Email Archiver allows you to choose where you store your email archive, and Libraesva products that do collect personal information (Phishbrain) are hosted in Europe, so your stored information stays inside the EU.

Libraesva Privacy Features to Comply with EU GDPR

Now let’s look at a larger breadth of the privacy and security features that are available. Take advantage of these Libraesva features in your journey to EU GDPR compliance. 

  • Easily erase all individual user data from the email archive and metadata to comply with “right to erasure” or “right to be forgotten” requirements. 
  • Prevent the accidental loss of sensitive information with Libraesva’s Data Loss Prevention engine. 
  • Log all sensitive information in an auditing log that cannot be modified or deleted. 
  • Reduce cyber attacks with phishing, malware, whaling, and other email security protection measures, as fits the “privacy by design” GDPR requirement. 
  • Remove beacons in emails that can track user habits to reduce email tracking. 
  • Archive logs remotely in real time. 
  • Encrypt your entire email archive with AES-256. 
  • Send activity reports to your Privacy Officer for ongoing tracking. 
  • Require privacy officer authorization to access any personal data (when the role is assigned). 
  • Leverage granular user role definitions across 80 distinct permissions and role customizations. 
  • Automatically apply RFC3161-certified timestamps to all archived emails.
  • Quickly identify and respond to incidents with Libraesva’s threat remediation and Threat Analysis portal. 

Have questions on how Libraesva’s email security and archiving tools can help your business stay secure and compliant?