The Data Protection Act was set up in the UK in 1998 and concerns personal data. According to the DPA, anyone has the right to ask for a copy of their personal data being stored by businesses in the UK. If your company is asked for information under the DPA by an individual, you have a maximum of 40 days to locate this data, retrieve it, and respond to the query. You may charge a bill for this, but only up to a maximum of £10. This law applies to any firms who store and/or process personal information about customers, and if you fail to follow the rules and respond to this request, you could face an unlimited fine. Since the majority of customer data is processed through emails, email archiving is especially relevant here to make sure you can locate this data, process it, and hand it over within 40 calendar days.
The Data Protection Act can also affect internal matters, for instance in cases of employment tribunal claims. Should an employee who has recently been let go decide to make a claim against you as an employer, you’ll need to locate internal emails for your defense. If you fail to do so, you could end up losing the case and being on the wrong end of an unfair staff dismissal prosecution.