GFI Software | www.gfi.com
WhitePaper: Compliance with the Requirements of GDPdU using the Software GFI MailArchiver 6 for Exchange
compiled in cooperation with
August 2009
Contents
A. Introduction
B. Legal principles
C. Technical and organisational requirements
   I. Electronic evaluation
   II. Completeness and unalterability
   III. Secure and traceable data processing and data storage
   IV. Adequate data accessibility
   V. Assignment capability of e-mails and related business transactions
   VI. Provision of adequate process documentation
   VII. Data protection requirements
D. Risks
E. GFI MailArchiver 6 Checklist

A. Introduction

We can no longer imagine conducting business without e-mail. Today entire transactions are conducted based on e-mail exchanges. As e-mails often serve as business letters and so-called “commercial letters” and are also significant for taxation, specific requirements regarding processing and retention of these e-mails are imposed.

The German Tax Code (§ 147 AO) controls the requirements for tax-relevant e-mails. Pursuant to the Tax Code, tax-relevant e-mails must be retained for either six or ten years. In addition, a detailed statutory regulatory requirement on data access of the German fiscal authority called GDPdU (broadly translated as “Generally Accepted Principles of Data Access and Auditability of Digital Documents”) has been in effect in Germany for several years.

According to this regulation, all e-mails with tax-relevant content are to be electronically retained for the duration of the statutory retention period and must be made available on request of the fiscal authorities. Specific requirements regarding nature, format and processability of electronically retained e-mails must be satisfied. Arbitrary storage in individual mailboxes of personnel or a printout of tax-relevant e-mails is no longer sufficient.

Companies that have not adjusted their financial accounting to the new statutory requirements of GDPdU may be subject to substantial sanctions in their next tax audit. Exceptionally severe violations may result in an estimation of the tax basis as well as penalty payments and a fine on arrears that can amount to EUR 250,000.

Electronic archiving systems offer a compliance solution to the high demands of e-mail retention. Note, however, that a solely technical solution by itself does not lead to compliance. Compliance with retention requirements can be achieved only through technical solutions in combination with coordinated procedures and processes. It is a prevalent misapprehension that a “certified” system by itself suffices to comply with the various requirements. That is simply not true. Many software producers leave their customers unaware of the true extent of compliance requirements and may conceal that, in addition to simple storage, organisational procedures in connection with the filing structure for e-mails and attachments as well as prompt retrieval must be implemented.

Documents subject to retention obligations are e. g. books, vouchers, commercial letters, procedure documentation and manuals, documentation of the internal control system (ICS) as well as other documents needed for understanding the financial accounting. This applies to physical documents in hard copy (e. g. incoming commercial letters or manually generated accounting vouchers) and to other documents alike. E-mails with tax-relevant content also fall into the category of documents with a retention obligation pursuant to § 147 (1) No. 5 AO.

GFI Software strikes a new path. In addition to a German certification of GFI MailArchiver 6 concerning compliance with GDPdU, GFI Software offers support for the structuring of the necessary organisational procedures and processes. This is designed to provide a comprehensive solution: in addition to the proven technical archiving solution and the certified compliance of the e-mail archiving software with GDPdU, information about the requirements of the German fiscal authorities is provided, and the implementation of procedures pursuant to statutes is supported on the basis of a pragmatic checklist.
B. Legal principles

Pursuant to German commercial and fiscal law (§§ 238, 239, 257 HGB and §§ 145-147 AO), books and other accounting records (with the exception of the opening balance sheet and the annual financial statements) can be maintained under certain conditions on an image carrier or any other data carrier. Accordingly, storage of tax-relevant documents on digital data carriers – e. g. in electronic archiving systems – is possible.

Electronic archiving is defined as unalterable long-term storage of documents subject to retention obligations on machine-readable data carriers to fulfil the statutory retention requirements pursuant to § 257 HGB and § 147 AO.

Details of the statutory specifications can be gathered from different relevant policies and regulations, including amongst others:
- Grundsätze ordnungsmäßiger Buchführung (GoB, broadly translated as “Generally Accepted Principles of Proper Accounting”) in accordance with §§ 238 et seq., 257 HGB and §§ 147 et seq. AO
- Grundsätze ordnungsmäßiger DV-gestützter Buchführungssysteme (GoBS, broadly translated as “Generally Accepted Principles of Computer-Assisted Accounting Systems”), issued by the Federal Ministry of Finance (BMF) in a written communication on 7 November 1995
- Grundsätze zum Datenzugriff und zur Prüfbarkeit digitaler Unterlagen (GDPdU), issued by the BMF in a written communication on 16 July 2001

With an intent to provide details of these requirements, the Institute of German Public Auditors (“Institut der Wirtschaftsprüfer in Deutschland e.V.”, IDW) published on 11 July 2006 a statement for proper accounting when applying electronic archiving, called “Grundsätze ordnungsmäßiger Buchführung beim Einsatz elektronischer Archivierungsverfahren” (IDW RS FAIT 3). Additionally, there are data protection requirements determined by the Federal Data Protection Act (“Bundesdatenschutzgesetz”, BDSG).

C. Technical and organisational requirements

Regulations, including pronouncements of the German fiscal authorities, do not prescribe any particular technique for electronic archiving. However, there is mutual agreement about certain technical and organisational requirements related to any system for electronic archiving of e-mails:
- electronic evaluation
- completeness and unalterability
- secure and traceable data processing and data storage
- adequate data accessibility
- assignment capability of e-mails and related business transactions
- provision of adequate process documentation
- data protection requirements

I. Electronic evaluation

According to GDPdU, electronic evaluation must be provided. The archiving system that takes over the data must have processing capacities, in quantitative and qualitative degree, similar to those of the source system, as if the data were still in the productive system (broadly paraphrased from the BMF pronouncement). During a transfer no changes may occur to the object to be archived or to its ability to be evaluated.

With regard to generic digital documents, it is to be noted whether structural information is present in addition to the content that is necessary for electronic evaluation. For example, the “header” of e-mails contains, amongst other information, details about the sender, recipient and coding and is considered part of the structural information. In addition to the e-mail itself and the structural information, e-mail attachments are also of importance. They are to be taken into consideration when the tax relevance of an e-mail is evaluated and should maintain their capability to be evaluated during the entire archiving process.
II. Completeness and unalterability

All data must be fully archived. Therefore data from the source system may not be filtered in any way. Fiscal authorities attach great importance to the condition that no condensation (aggregation) of information occurs prior to acceptance by the archiving system or subsequently to acceptance, because a loss of tax-relevant information cannot then be precluded.

The unalterability of archiving objects is to be ensured during all stages of the archiving process. The reproducibility of the process is to be ensured through proper logging.

The applied archiving procedures have to be performed such that the following requirements are fulfilled:
- parameterisation of all systems of the archiving solution that ensure the capture of tax-relevant data
- loss-free data transfer to the data capture system
- prompt periodic archiving
- archiving of data true to the original in both imagery and content

III. Secure and traceable data processing and data storage

Any subsequent changes to the archived objects must be prevented at all levels including the operating system, database and application level. The complete storage of captured data is to be ensured in a retraceable manner, and error-free saving is to be ensured by suitable plausibility controls.

To assure information security and data protection, the archiving software may allow for read-only data access in light of separation of functions and authorised interest, and as required in interaction with the operating system as well as applied third-party software (e. g. database system). Thus, encrypted storage as well as encapsulation of the master file is permissible to the extent that the master file can be readably retrieved without causing a delay in the audit process. Storage in a data format deviating from the master file is not acceptable and may act only as a supplement to the master file.

IV. Adequate data accessibility

The applied archiving system must technically enable free access to data and documents. To ensure prompt data access for fiscal authorities, the archiving solution must allow for readability and reproducibility of the archiving objects at any time during the entire retention period.

In order to ensure the retrievability of tax-relevant e-mails, the requirements for proper filing must be satisfied. Therefore it is essential that each e-mail is assigned a unique index value. Moreover the system should provide a suitable method for keyword indexing to map relations to data outside the archiving system. This ensures that the tax auditor is able to retrace a logical chain of tax-relevant business transactions including the examination of particular data objects.
V. Assignment capability of e-mails and related business transactions

The assignment of tax-relevant e-mails to corresponding business transactions is mandatory. This is rather complicated due to the characteristics of e-mails. The following alternatives are possible:
- tax-relevant e-mails with reference to one business transaction
- tax-relevant e-mails with reference to numerous business transactions
- tax-relevant e-mails not in reference to any business transaction

Fiscal authorities do not provide specific guidelines on how such an assignment is to be made in a reliable manner. Insofar the taxpayer is not subject to any restrictions regarding his choice of suitable operational procedures. A suitable archiving system should nevertheless provide convenient methods to allow for such an assignment.

VI. Provision of adequate process documentation

The archiving solution must have adequate process documentation, consisting of the following components:
- user documentation
- technical system documentation
- operational documentation

Therein the applicable procedures are to be determined and verified. This applies in particular to the controls designated to the respective procedures. Moreover the process documentation shall contain technical definitions (e. g. interface definitions to preceding and subsequent systems) and organisational definitions (e. g. point in time and frequency of archiving processes).

VII. Data protection requirements

Along with the fundamental problem of automated e-mail qualification, using server-side archiving in companies also includes difficulties with regard to data protection requirements. Through server-side automated archiving of e-mails, all incoming e-mails are captured before they reach the recipient’s individual sphere of control on his workstation computer. In this case, private e-mails would also be subject to archiving.

D. Risks

The risks resulting from a failure to satisfy statutory requirements are numerous. In addition to potential legal consequences, they primarily affect image, profitability and efficiency of the company. Material risks are e. g.:
- non-deductibility of input VAT
- sanctions for non-compliance with regulations
- loss of evidentiary value
- data protection violations
- increased in-house expenses
- disclosure of sensitive internal information

Non-deductibility of input VAT

As a result of inadequate or incomplete archiving of incoming invoices received by the company via e-mail in the context of transmission of electronic invoices (“e-billing”), there is a danger of losing the deductibility of input VAT. In this context, the proper archiving of the so-called “validated electronic signature” accompanying an electronic invoice must be considered. In Germany, the “Value Added Tax Act” (Umsatzsteuergesetz, UStG) demands a validated electronic signature on electronically transmitted invoices in order for the company receiving the invoice to deduct the input VAT.

Sanctions for non-compliance with regulations

Violations of regulations may result in sanctions by fiscal authorities ranging from penalties and fines on arrears for exceptionally severe violations that can amount to EUR 250,000 (§ 146 (2b) AO) and may extend to an estimation of the tax basis.

Loss of evidentiary value

Inadequate archiving may result in a loss of evidentiary value and thus result in an indefinite financial risk. This is particularly possible if the archived e-mails do not remain unaltered and in their original format, where the content and sequence of events are required. For example, business correspondence between customers and suppliers may represent essential evidence material in litigation.

Data protection violations

Violations of data protection requirements are especially possible as a result of insufficient physical and logical access restrictions to material data, if access to or even manipulation of personal data is thereby possible. A violation of data protection regulations may result in substantial monetary fines ranging, in the worst case, from EUR 50,000 as a consequence of violations of procedural rules to EUR 300,000 for violations of material data protection regulations.

Increased in-house expenses

The in-house expense of providing prompt and free data access to fiscal authorities must also be considered. For example, a subsequent sorting of a progressively increasing volume of e-mail data may result in a considerable operating expense. In contrast, proper filing normally results in significant efficiency advantages. In addition, the implementation of a dedicated e-mail archiving solution avoids unnecessary data redundancy and excess use of resources (e. g. storage capacity).

Disclosure of sensitive internal information

The fiscal authorities are not subject to any restrictions regarding the exploitation of information that has accidentally come into their possession or which exceeds the object of the audit. Failed or flawed separation of tax-relevant e-mails from non-tax-relevant e-mails may lead to a situation where, as a result of the disclosure of internal information which was not an object of the audit, fiscal authorities could acquire facts that might be to the company’s disadvantage. This represents an avoidable risk.
E. GFI MailArchiver 6 Checklist

Parameterisation and interfaces

In order to allow for a configuration of the archiving solution that complies with the requirements of GDPdU, the following mandatory preparations on the side of the source system (MS Exchange Server) are to be made prior to the initial operation:
- Definition and installation of the journaling mailbox that is to contain all e-mails designated for archiving of the corresponding server
- Activation of envelope journaling in MS Exchange Server to ensure the completeness of the scope of archiving, comprising all possible e-mail recipients including blind carbon copy recipients (BCC). This feature is already activated by default when using MS Exchange Server 2007.
- Activation of the message tracking function to allow for subsequent verification of complete archiving

In addition to the mandatory preparations for GDPdU-compliant archiving, the following recommendations should be considered:
- Is it ensured that the scope of e-mails designated for archival storage is not limited by the archiving option settings of GFI MailArchiver? With regard to completeness aspects the following settings are to be made:
  - Capture of e-mails in all possible directions (incoming, outgoing and internal)
  - No exclusions based on blacklisted users of the Windows domain or specific e-mail addresses
  - No limitations on the number of users based on whitelisted users of the Windows domain or specific e-mail addresses
  Exceptions result only from users or e-mail addresses where tax relevance of the e-mail traffic can definitely be excluded.
- Is it ensured that no archiving policies are installed which allow for a storage time shorter than the statutory retention period (e. g. retention policies for immediate deletion based on predefined features)?

GFI MailArchiver does not support the logging of e-mails transferred via the standard interface from MS Exchange Server. Therefore the verification of loss-free and thus complete data transfer, according to the requirements of GDPdU, must be provided by the logging protocol generated by the particular source system (MS Exchange Server). If necessary, it is possible to complete the archiving protocols (which are generated by the message tracking function of MS Exchange Server and show the processed e-mails) by a comparison with the subsequently stored e-mails in the archive on the basis of common identifying features.

System design

Selection of a suitable archive storage
- Does the selected archive storage comply with the requirements of unalterable and traceable archiving? It is essential that the archive storage allows for comprehensive logging of all saving processes and subsequent data access (including the database level). The database system MS SQL Server serves as a suitable data storage. Subject to appropriately configured access rights, the above referenced requirements are fulfilled by complete storage of all data within the database to enable GDPdU-compliant storage.

Security of data connection
- Does the archiving of e-mails occur via network connections from source systems that are not located within the company’s sphere of confidence (e. g. from remote MS Exchange Servers)? In this case unalterability within the transmission path has to be ensured by encryption-protected file transfer. For this purpose it is necessary to select the Secure Sockets Layer protocol (SSL) for the IMAP transmission with which GFI MailArchiver connects to the source system.

Processes and organisation
- Does the written definition serve as a suitable method to allow a competent third party to comprehend content, structure and process flow of the procedures within an appropriate timeframe?
- Are all responsibilities for the particular process steps (functional and IT related operations) for all archiving components fully defined?
- Is it ensured that users are instructed on how to operate the archiving system and/or is a user manual placed at their disposal?
- Is it ensured that the system administration is instructed on how to operate the archiving system and/or is an administration manual placed at its disposal?
- Are maintenance and operations control tasks of the archiving system properly defined and contained in a superordinated concept of IT related controlled operations?
- Are all verification tasks properly defined?
- Does the configured authorisation concept comply with the predetermined competencies and is the procedure adequately documented?

Capture
- Are all procedures and techniques that allow for verifiable complete and correct capture and archival storage of e-mails properly defined and documented?
- Are suitable procedures in place that ensure compliance with the requirements of GDPdU with regard to the archival storage of signed and encrypted e-mails? Subsequent editing of archived e-mails and the combined capture of e-mails with additional data sets that are not directly obtained from MS Exchange Server are not supported by GFI MailArchiver. Therefore appropriate procedures should be installed (e. g. manual keyword indexing) to allow for an assignment of signed or encrypted e-mails to their corresponding verification records or decrypted e-mails and related decryption keys.

Indexing and keyword indexing
- Are the procedures for the labelling of tax-relevant archived e-mails unambiguously specified? There are two fundamentally different options provided by GFI MailArchiver 6 on how labels can be attached to e-mails:
  - Automatically through policy-based labelling at the moment of archiving by means of definable categorisation policies
  - Manually through subsequent manual labelling of archived e-mails that are accessible to the user
  It is advisable to refrain from policy-based automated labelling, especially as a sole technique. An evaluation of tax relevance is usually too complex for predetermined policies to operate in a reliable manner. In any case, such policy-based automated procedures should be accompanied by a manual verification.
- Has a procedure been defined that allows for an assignment to one or multiple business transactions by means of a suitable keyword indexing in GFI MailArchiver? The option provided by GFI MailArchiver to individually apply labels visible to all users to e-mails that are accessible by the user allows, in addition to a labelling of tax relevance, for a direct assignment to a corresponding business transaction. This can be implemented by applying a label (e. g. keyword index) that contains identifying features allowing for a retrieval of corresponding content in other systems.
- Has a procedure been defined that allows for a distinct assignment of the archived e-mails in a separate accounting system? In this regard, the identifier (“Identification Code”) that enables distinct identification of archived e-mails within GFI MailArchiver is important. Stored in an external system (e. g. ERP system), this identifier can serve as a so-called “foreign key” to establish a logical reference to the related e-mails and, in this way, an assignment to the business transaction.

The “Identification Code” accessible at the application level provides valuable help in enabling technical usage of such a foreign key reference in a networked system environment. Subject to appropriately set up access rights, the archived e-mails can be directly addressed out of external systems via hyperlink. However, for this to function, it is necessary that the referencing system contains a method to generate the uniform resource locator (URL) autonomously. The utilisation of GFI MailArchiver’s identifier (“Identification Code”) to serve as a referencing linkage out of an external software system is possible using the therein contained parameters “id” and “connectionId”. Such a URL can be composed as follows:

Addressing the interface of GFI MailArchiver to view the e-mail:
http://localhost/mailarchiver/mailview.aspx?

Addition of the first parameter (“id”) representing the active archive store of GFI MailArchiver:
http://localhost/mailarchiver/mailview.aspx?id=-2147483647

Addition of the second parameter, the Connection-ID (“connectionId”):
http://localhost/mailarchiver/mailview.aspx?id=-2147483647&connectionId=b44d3270-8bdb-43d2-8fa2-67eb6ead54a9

Entering the URL results in a view of the specific e-mail in the archive. Note that the hyperlink only identifies the e-mail; which users may open it is decided by the access rights configured in GFI MailArchiver, not by the referencing system.

Storage and administration
- Is it ensured that the selected archive storage provides the foreseeably required storage capacity and that this is monitored regularly?
- Is it ensured that subsequent verifiability of complete archiving based on a comparison of e-mails transferred by MS Exchange and e-mails archived by GFI MailArchiver (preferably by means of their message-id) is possible? Accordingly, it is necessary to assure that the MS Exchange Server logs which enable the comparison on the source side are stored loss-free (e. g. no overwriting, only append mode) for as long as the archived data itself.
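The comparison described in this question, and in the “Parameterisation and interfaces” section above (where the message tracking log of MS Exchange Server, not GFI MailArchiver, is identified as the source-side record), can be scripted. The following Python is an added example, not code from GFI Software or from this whitepaper. It parses a message tracking log in the general shape of the comma-separated Exchange Server 2007 log (a “#Fields:” header naming the columns; the column subset and the log rows are constructed for the example and are an assumption), matches the entries against a constructed list of archive records by Message-ID, and reports three findings: e-mails handled by Exchange but never archived, archive entries without a tracking entry (an archiving time before the first log entry points at a log that was overwritten or rotated away, which is exactly what the append-only requirement above is meant to prevent), and Message-IDs archived more than once.

```python
"""Reconcile an MS Exchange message tracking log with the e-mail archive by
Message-ID.  Added illustration, not GFI or Microsoft code.  The log layout
(a '#Fields:' header, then comma-separated rows) follows the general shape
of the Exchange Server 2007 tracking log, but the column subset and the rows
below are constructed for this example; the archive records are a constructed
stand-in for rows read from the archive database."""
import csv
from dataclasses import dataclass, field

# Constructed sample tracking log (column names are an assumption).
TRACKING_LOG = """\
#Software: Microsoft Exchange Server
#Fields: date-time,event-id,source,sender-address,recipient-address,message-id,message-subject
2009-08-03T08:15:02.123Z,RECEIVE,SMTP,supplier@example.net,invoices@example.com,<inv-4711@example.net>,Invoice 4711
2009-08-03T08:15:02.456Z,DELIVER,STOREDRIVER,supplier@example.net,invoices@example.com,<inv-4711@example.net>,Invoice 4711
2009-08-03T09:01:10.000Z,RECEIVE,STOREDRIVER,alice@example.com,bob@example.com;carol@example.com,<4ad5e3@example.com>,Re: contract
2009-08-03T09:01:10.200Z,DELIVER,STOREDRIVER,alice@example.com,bob@example.com;carol@example.com,<4ad5e3@example.com>,Re: contract
2009-08-03T11:42:00.000Z,RECEIVE,STOREDRIVER,alice@example.com,customer@example.org,<4ad5f9@example.com>,Offer 2009-0815
2009-08-03T11:42:00.900Z,SEND,SMTP,alice@example.com,customer@example.org,<4ad5f9@example.com>,Offer 2009-0815
"""

# Constructed stand-in for the archive side: one row per archived e-mail, as it
# would be read from the archive database (archived_at = archiving timestamp).
ARCHIVE_RECORDS = [
    {"message_id": "<inv-4711@example.net>", "archived_at": "2009-08-03T08:20:00Z"},
    {"message_id": " <4ad5e3@example.com> ", "archived_at": "2009-08-03T09:05:00Z"},
    {"message_id": "<4ad5e3@example.com>", "archived_at": "2009-08-03T09:05:00Z"},  # duplicate row
    {"message_id": "<old-1@example.com>", "archived_at": "2009-07-28T10:00:00Z"},   # before log window
]


def normalise_message_id(raw: str) -> str:
    """Strip surrounding whitespace and the RFC 2822 angle brackets.  Letter case
    is kept: log and archive took the value from the same header and should
    agree byte for byte; a case difference is worth seeing, not folding away."""
    return raw.strip().strip("<>").strip()


def parse_tracking_log(text: str) -> dict:
    """Return {message-id: [event dicts]} for every row carrying a Message-ID.
    Lines starting with '#' are comments; '#Fields:' names the columns."""
    fields = None
    events = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        if fields is None:
            raise ValueError("data row before #Fields: header")
        row = next(csv.reader([line]))
        if len(row) != len(fields):
            raise ValueError(f"column count mismatch: {line!r}")
        event = dict(zip(fields, row))
        mid = normalise_message_id(event.get("message-id", ""))
        if mid:
            events.setdefault(mid, []).append(event)
    return events


@dataclass
class Reconciliation:
    missing_from_archive: set = field(default_factory=set)  # in log, not archived
    not_in_log: set = field(default_factory=set)            # archived, no log entry
    duplicate_in_archive: set = field(default_factory=set)  # archived more than once
    log_window: tuple = ("", "")                             # first/last log timestamp


def reconcile(log_events: dict, archive_records: list) -> Reconciliation:
    """Set-compare Message-IDs on both sides and record the log's time window."""
    result = Reconciliation()
    archived_counts = {}
    for rec in archive_records:
        mid = normalise_message_id(rec["message_id"])
        archived_counts[mid] = archived_counts.get(mid, 0) + 1
    result.missing_from_archive = set(log_events) - set(archived_counts)
    result.not_in_log = set(archived_counts) - set(log_events)
    result.duplicate_in_archive = {m for m, n in archived_counts.items() if n > 1}
    # ISO 8601 timestamps in one fixed format sort correctly as strings.
    stamps = sorted(ev["date-time"] for evs in log_events.values() for ev in evs)
    if stamps:
        result.log_window = (stamps[0], stamps[-1])
    return result


def report(result: Reconciliation, archive_records: list) -> list:
    """Human-readable findings.  An archived e-mail whose archiving time precedes
    the first log entry most likely means the log was overwritten or rotated
    away, i.e. the source-side record the auditor needs is already gone."""
    lines = []
    start, end = result.log_window
    lines.append(f"tracking log covers {start} .. {end}")
    for mid in sorted(result.missing_from_archive):
        lines.append(f"MISSING IN ARCHIVE: {mid} (in tracking log, never archived)")
    for mid in sorted(result.duplicate_in_archive):
        lines.append(f"DUPLICATE IN ARCHIVE: {mid}")
    for rec in archive_records:
        mid = normalise_message_id(rec["message_id"])
        if mid in result.not_in_log:
            if rec["archived_at"] < start:
                hint = "archived before log window starts; log possibly overwritten"
            else:
                hint = "no tracking entry"
            lines.append(f"NOT IN LOG: {mid} ({hint})")
    if len(lines) == 1:
        lines.append("OK: every logged e-mail is archived exactly once")
    return lines


if __name__ == "__main__":
    events = parse_tracking_log(TRACKING_LOG)
    print("\n".join(report(reconcile(events, ARCHIVE_RECORDS), ARCHIVE_RECORDS)))
```

Run as a script it prints the findings for the constructed data; in practice the archive side would be a query of the archive database by Message-ID and the log side the retained tracking log files for the same period. Message-IDs are compared after stripping only the angle brackets and surrounding whitespace, so that a genuine mismatch (a rewritten header, a different source system) shows up as a finding instead of disappearing in a normalisation step.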
Readability and retrieval
- Is a tax auditor account set up that enables access to all tax-relevant e-mails?
  As GFI MailArchiver does not support or allow for restricted access based on labels, it is advisable to install an organisational procedure for labelling tax relevance to ensure separation of data within the archive prior to a tax audit (e. g. systematic designation of tax relevance using the manual method for individual labelling). In a further step, an export based on such labels followed by a subsequent reimport into a dedicated archive store can be conducted in preparation of a tax audit. In this way a tax auditor is granted comprehensive access to exclusively tax-relevant e-mails based on labels.

Retention and deletion
- Is it ensured that no retention policies are defined that cause a deletion of archived e-mails prior to expiration of the statutory retention period? Some tax-relevant e-mails may, in certain cases, contain information that requires a retention period of ten years. Therefore it is advisable to refrain from a policy-based determination of the retention period by means of the retention policies of GFI MailArchiver to the extent that they do not correspond with the longest statutory minimum period for retention.

Software security
- Is there an authorisation concept that allows for a determination of the required separation of functions and the assignment of access rights?
- Are adequate access controls available at the following access levels:
  - operating system MS Windows including Active Directory, web server and MS Exchange Server
  - database system MS SQL Server
  - archiving software GFI MailArchiver 6

Process documentation
- Are all settings regarding the parameterisation of software and interfaces properly documented?
- Are all interfaces between the particular components of the archiving solution (e. g. designation, source/destination system, interface content/type, matching) documented in a comprehensible manner?
- Are the interfaces between the archiving solution and other software systems of the company (e. g. ERP system or financial accounting system) with regard to referencing business transactions documented in a comprehensible manner?
- Are operating instructions for users available that allow for proper performance of their activities including the manual controls and matching provided by the procedure (operational documentation)?
- Is a description of the applied components available that illustrates the technical architecture of the archiving solution and organisational instructions (e. g. tasks and authority of users, rules for change management and the administration of storage media)?
- Has an emergency concept been prepared for a possible failure of the archiving solution (e. g. disaster recovery and contingency plan)?
- Are suitable data backup and data backup safekeeping procedures defined, and are regular verification tests scheduled concerning effective data recovery?

Implementation and change
- Is it ensured that the compliance and security of the applied systems and software are subject to functional and technical test procedures prior to the initial operation of the archiving solution?
- Is the test procedure defined and documented, and do the test cases allow for a verification of the requirements regarding compliance and security?
- Is a release procedure defined and documented that contains rules on release competencies, and are release approvals for all components of the archiving solution available?
- Is it ensured that changes to the e-mail archiving solution are only applied subject to an orderly procedure (change management)?

IT operations
- Are IT operations (controlled and emergency operations) properly defined in how the operational requirements are realised (technical system documentation)?
- Are operating instructions for IT personnel available that allow for proper performance of controlled operation (e. g. backup and restoration manual)?
- Is it ensured that the documentation of all effective procedures is archived as a document subject to retention?

Outsourcing
- When engaging an external service provider to operate the archiving solution (outsourcing), is it ensured that the requirements regarding compliance and security are guaranteed by the service provider? Appropriate contractual provisions and service level agreements are required.