What retention period should be applied to email? After what period following termination of a contract should data be deleted from email systems?

ANSWER

There are no specific legal provisions that regulate this issue. This means that the general principle of storage limitation applies. Retention periods may vary depending on the category of data and the purposes for which the data is processed.

As a result, different archiving and deletion rules may be established for different categories of emails. For example:

• Global retention period for emails not assigned to a specific category: 3 years
• Retention period for a folder created for a specific recruitment process: 3 months after the recruitment process ends
• Retention period for a folder related to a specific client or engagement: 6 years
• Retention period for a prospective client: 3 years from the last communication

Emails that are necessary for judicial or administrative proceedings should be preserved separately.

As a reference point, the guidance issued by the French supervisory authority (CNIL) may be helpful:

• https://www.cnil.fr/fr/passer-laction/les-durees-de-conservation-des-donnees
• https://www.cnil.fr/sites/cnil/files/atoms/files/referentiel_traitements-donnees-caractere-personnel_gestion-activites-commerciales.pdf
• https://www.cnil.fr/sites/cnil/files/atoms/files/guide_durees_de_conservation.pdf