EN
HR Legal Technology

Danish Data Protection Agency issues guidelines on access to e-mails of former employees

logo
Legal news
calendar 31 May 2011
globus Denmark

The Danish Data Protection Agency has recently published guidelines on how long an employer may keep the e-mail account of a former employee open, on who should have access to the account and for what purposes the account may be used.

As a result of several cases brought before the Danish Data Protection Agency concerning the employer's handling of the e-mail account of a former employee, the Agency has drawn up some guidelines on the subject.

The guidelines apply where there is no specific agreement between the employer and the employee.

The guidelines provide among other things that:

The e-mail account of a former employee may only be kept open for as short a period as possible, and this period may not exceed twelve months. The twelve-month period begins to run from the time when the employee ceases to work regardless of whether the company pays salary to the employee for a period after the end of employment.

As soon as the employee has left the workplace and no longer has access to his or her e-mail account, the employer is required to set up an autoreply stating that the employee no longer works for the employer.

The e-mail account may be used only to receive e-mails. Any personal e-mails sent to the e-mail account may, however, be forwarded to the employee's personal e-mail account.

Only one or very few trusted employees should have access to the e-mail account of the former employee.

Information on the employee's e-mail address must as soon as possible be deleted from the company's website and other information sites open to the general public.

In cases where the company keeps the e-mail account of a former employee open, it must comply with the rules of the Danish Data Protection Act, including the rules governing the duty of disclosure, access, etc. As to the duty of disclosure, it may be incorporated in the company's IT policy, and the Data Protection Agency also recommends that the company draws up guidelines on the handling of the e-mail accounts of former employees.

It should be emphasised that the Danish Data Protection Agency does not provide any directions as to whether the employer may read the former employee's personal e-mails as this issue is governed by the Danish Criminal Code. However, the general rule is clearly that the employer is not allowed to do so.

[The Danish Data Protection Agency published the guidelines at its website on 24 May 2011]

As a result of several cases brought before the Danish Data Protection Agency concerning the employer's handling of the e-mail account of a former employee, the Agency has drawn up some guidelines on the subject.

The guidelines apply where there is no specific agreement between the employer and the employee.

The guidelines provide among other things that:

The e-mail account of a former employee may only be kept open for as short a period as possible, and this period may not exceed twelve months. The twelve-month period begins to run from the time when the employee ceases to work regardless of whether the company pays salary to the employee for a period after the end of employment.

As soon as the employee has left the workplace and no longer has access to his or her e-mail account, the employer is required to set up an autoreply stating that the employee no longer works for the employer.

The e-mail account may be used only to receive e-mails. Any personal e-mails sent to the e-mail account may, however, be forwarded to the employee's personal e-mail account.

Only one or very few trusted employees should have access to the e-mail account of the former employee.

Information on the employee's e-mail address must as soon as possible be deleted from the company's website and other information sites open to the general public.

In cases where the company keeps the e-mail account of a former employee open, it must comply with the rules of the Danish Data Protection Act, including the rules governing the duty of disclosure, access, etc. As to the duty of disclosure, it may be incorporated in the company's IT policy, and the Data Protection Agency also recommends that the company draws up guidelines on the handling of the e-mail accounts of former employees.

It should be emphasised that the Danish Data Protection Agency does not provide any directions as to whether the employer may read the former employee's personal e-mails as this issue is governed by the Danish Criminal Code. However, the general rule is clearly that the employer is not allowed to do so.

[The Danish Data Protection Agency published the guidelines at its website on 24 May 2011]

Receive our newsletter

Anders

Etgen Reitz

Partner

Søren

Hessellund Klausen

Partner

Similar

logo
HR Legal

28 March 2025

EFTA Court: Norway can restrict hiring of temporary agency workers

logo
HR Legal

27 March 2025

Self-organiser was not a self-organiser

logo
HR Legal

27 March 2025

Police assistant was dismissed for several data breaches

logo
Technology

14 March 2025

GDPR fines must be calculated based on total worldwide annual turnover

logo
HR Legal

7 March 2025

Employee became liable for competitive activities

logo
HR Legal

27 February 2025

Employee was not bound by unfair non-competition clause

The team

Alexandra

Jensen

Associate

Alma

Winsløw-Lydeking

Senior legal assistant

Anders

Etgen Reitz

Partner

Cecillie

Groth Henriksen

Senior associate

Elias

Lederhaas

Legal assistant

Emilie

Louise Børsch

Associate

Johan

Gustav Dein

Associate

Kirsten

Astrup

Managing associate

Maria

Kjærsgaard Juhl

Legal advisor

Sunniva

Løfsgaard

Legal assistant

Søren

Hessellund Klausen

Partner